A digital arrest scam is a sophisticated cyberattack in which scammers impersonate law enforcement or government officials to extort money from victims. Typically, the scammers initiate contact through calls in which they accuse the victim of involvement in illegal activities such as money laundering or various cybercrimes.
Once the victim falls into the trap, the scammer pressures the victim for money, either by asking them to pay settlements to close their case or to pay a fine to an account held by the scammer. Victims in these cases are under immense pressure from the scammer, which clouds their judgment and causes them to divulge personally identifiable information (PII). The scammers use threats of legal action, such as digital confinement and fake courier claims, to scare victims into compliance.
Digital arrest scams are sophisticated and well-designed identity theft attacks. They coerce victims and misrepresent reality to obtain an undue advantage. These scams grow more sophisticated each day as scammers continually refine their methods of targeting victims, leveraging video calls, text messages, emails, and various other messaging platforms. In some cases, attackers have even used spoofed caller IDs to deceive unsuspecting individuals.1 As cyberscams grow increasingly complex and difficult to detect, it is imperative that cybersecurity professionals not only recognize the severity of these scams but also take proactive measures to fortify both personal and organizational defenses. Failure to do so puts critical data at serious risk.
Digital Arrest Scam Cases
The growing pervasiveness of these scams underscores the importance of awareness in combating their spread. The Economic Times reported that by November 2024, over 90,000 cases of digital arrest fraud were reported across India, with the amount stolen estimated at over INR 2,000.2 However, these figures represent only the reported incidents. Many incidents go unreported, as some victims fear being ridiculed for falling for these scams. Scammers use a variety of deceptive tactics to exploit their victims, making it crucial to understand how these scams work in practice.
In Kolkata, West Bengal, India, a 41-year-old businessman dealing in switch gears lost INR 7.55 million during a 12-day digital arrest. The scammers first called on 23 February 2025, accusing him of money laundering. Later, from 23 February to 7 March 2025, the scammers called him constantly, kept him under surveillance, and mentally pressured him into making multiple transactions. It was only when his friends intervened that he realized he had been victimized. The police have registered a first information report (FIR) and are working to recover a portion of the victims' stolen funds.3
In January 2025, a Russian national, Anatoly Mironov, was arrested in India for his role in a digital arrest scam. Operating under a Chinese syndicate, Mironov facilitated fraudulent transactions and laundered money, including converting funds into cryptocurrency.4
In February 2025, in Southeast Asia, a scam involving human trafficking caught attention worldwide. Victims of this scam were lured to Southeast Asian countries and coerced into working in online scamming hubs. Operations were primarily based in Myanmar, Cambodia, etc., where individuals were forced to scam people across the globe.5
In November 2024, in Seoul, 215 people were arrested by South Korean police on suspicion of stealing 320 billion South Korean won (KRW), equivalent to US $228.4 million, from approximately 15,000 victims in a cryptocurrency scam. The group used market makers to manipulate prices while selling 28 different kinds of worthless tokens. They indulged in digital crypto fraud by operating fictitious investment firms and luring investors with a YouTube channel.6
In February 2025, in the United States, Zhipeng Lin was arrested for his involvement in a US$496,000 scam targeting a 74-year-old woman. The fraudsters impersonated McAfee Security employees, convincing the victim to liquidate assets and deliver gold to a courier.7
These cases highlight the growing trend of digital arrest scams. Individuals and organizations alike must take the proper steps to ensure that they are informed and prepared should they be involved in such scams.
Digital Arrest Scam Methods
Digital arrest scams are a global threat; thus, it is essential to understand the methods bad actors use to carry them out. There are several ways to conduct these scams:
- Spoofing caller IDs—Scammers will spoof caller IDs to make their numbers appear as official government helplines or law enforcement.
- Accusation of serious crimes—Scammers will accuse victims of serious crimes, such as money laundering, drug trafficking, improper use of PII, and more, to extort money from the victim.
- Coercion—Scammers will intimidate victims with threats of arrest for non-cooperation or threaten to contact the victim's friends and family. Coercion can look like pressuring victims into taking out loans or liquidating their assets to pay the demanded amount. Scammers may even pressure victims to convert the money into cryptocurrency or prepaid gift cards to minimize the risk of being traced.
- Deceptive AI use—Scammers are now utilizing artificial intelligence (AI) to create deepfake videos and forged documents, including court orders or arrest warrants, to deceive victims by making their threats appear more credible.8
- Psychological manipulation—Scammers will often force victims to stay on video calls for hours to survey them and ensure they do not seek help.
Understanding how digital arrest scams are facilitated can empower potential victims to recognize and protect themselves against this rapidly evolving threat.
Digital Arrest Risk Mitigation
Given the increasing prevalence of digital arrest scams, both individuals and organizations must take proactive steps to mitigate associated risk. Governments, organizations, and cybersecurity bodies worldwide are ramping up efforts to raise awareness about these scams. While such campaigns are essential, it is also crucial for everyday people and enterprises to adopt practical measures to defend against these evolving threats. There are several ways to mitigate the potential of being victimized by digital arrest scams:
- Check and verify communication channels—It is important to always verify the identity of the person or entity initiating contact. Official court orders or arrest warrants will not be delivered via phone calls, emails, or social media messages. Always contact the issuing authority directly using official channels to verify the authenticity of any legal notice. Be wary of unsolicited communications from unknown parties. Official communications from government authorities typically come through formal letterhead or recognized governmental communication platforms.
- Educate employees on cyberhygiene—Organizations should train employees to recognize phishing attempts and deepfake-based fraud. This includes educating staff about AI technologies and how scammers use them to impersonate executives, government officials, or law enforcement. Furthermore, organizations should train employees to scrutinize emails, phone calls, and video conferences for signs of impersonation, such as inconsistencies in tone, appearance, or context. Resources such as ISACA’s© Cybersecurity Fundamentals Certificate and local government advisory portals are essential for continuous learning.9
- Implement multi-factor authentication (MFA)—Enable MFA on all critical accounts, such as email, social media, and financial platforms. This extra layer of security significantly reduces the chances of unauthorized access. Even if scammers steal passwords, they cannot complete the login process without the second form of identification, such as a one-time password sent to the user's phone. Therefore, MFA should be a standard practice for organizations of all sizes, as it significantly reduces the risk of credential-based attacks. This applies to banking apps, email accounts, and company networks.
- Do not respond to threatening emails or calls—Threatening messages stating that legal action is imminent, or an arrest warrant is being issued, should be treated as a red flag. Scammers often use such threats to create a sense of urgency and manipulate victims into acting impulsively. The best way to thwart malicious actors is to report such communications to a local cybercrime unit or relevant authorities immediately.
- Monitor financial transactions—Scammers may impersonate authorities to trick victims into transferring money. Regularly review financial transactions and bank accounts for any unusual activity. Use online banking systems with high-level encryption and security features for safer online financial management.
- Regularly update software and systems— Always keep operating systems, browsers, and applications up to date with the latest security patches. Cybercriminals exploit outdated software vulnerabilities to gain access to personal information, which they can use to bolster their digital arrest scams. Enable automatic updates whenever possible to ensure that software and systems are protected from infiltration.
- Verify URLs and links—Phishing links that lead to fake websites are a common attack vector in digital arrest scams. Before clicking on any link, verify its URL. Links can be verified by hovering the cursor over the link to ensure it matches the legitimate website. Scammers often disguise malicious links with a similar but slightly altered URL.
For further guidance, several government organizations, including the US Federal Bureau of Investigation (FBI), the Australian government, the Indian Cyber Crime department, etc., have issued various tips to citizens to stay protected.10
Conclusion
Digital arrest scams are becoming increasingly complex and are an evolving threat in today’s interconnected world. With scammers leveraging tactics such as psychological manipulation, spoofed caller IDs, and advanced technologies such as AI and deepfakes, these scams have become increasingly sophisticated and complex to detect. As these scams spread across borders, they continue to exploit fear to deceive individuals and organizations, putting both personal data and financial security at risk.
It is important that everyone, i.e., people and organizations, take preventive measures to mitigate the risk from these scams. A few key methodologies and strategies include educating oneself, employees, and other stakeholders about the latest cybersecurity threats, enabling MFA, and ensuring secure communication channels for all sensitive interactions. Organizations should not only prioritize regular cybersecurity training but also stay updated on emerging threats, while individuals should be cautious of unsolicited calls, emails, or messages claiming legal action or financial penalties.
Ultimately, since digital arrest scams are becoming increasingly intricate, it is the collective responsibility of individuals, organizations, and global cybersecurity communities to work together in raising awareness, sharing information, and developing robust defenses. By strengthening defenses and adopting vigilant practices, people can better protect themselves and their organizations from these fraudulent activities. In the face of this growing cyberrisk, awareness and caution remain the best tools for safeguarding our digital lives.
Endnotes
1 ASTPP, “Understanding STIR/SHAKEN and Its Role to Combat Caller ID Spoofing,” 5 January 2024
2 Nair, A.; “Digital Arrest Frauds on the Rise: How Scammers Target Vulnerable Victims and What You Can do to Protect Yourself,” The Economic Times, 22 February 2025
3 Ghosh, D.; “Trader Takes 75.5L Loan to Pay Crooks During 12-Day Digi-Arrest,” The Times of India, 12 March 2025
4 Mehta, A.; “Russian National Anatoly Mironov Arrested for Rs 17 Lakh Digital Fraud,” Undercoverist, 4 January 2025
5 AP News, “Philippine Authorities Arrest More Than 400 People in Suspected Cybercrime Hub,” 27 February 2025
6 Andersen, D.; “S. Korean Influencer Allegedly Led $232M Crypto Scam, 215 Arrested,” 13 November 2024
7 Bennet, S.; “New York Man, Zhipeng Lin, Arrested in Greenwich $496K Scam,” Undercoverist, 15 January 2025
8 Jose, B.; “ChatGPT Can Generate Fake Aadhaar, PAN Cards: Why it May Not be a Cause for Concern,” The Indian Express, 8 April 2025; Legg, M.; McNamara, V.; “AI Is Creating Fake Legal Cases and Making its Way Into Real Courtrooms, with Disastrous Results,” The Conversation, 12 March 2024
9 ISACA©, Cybersecurity Fundamentals Certificate
10 Federal Bureau of Investigation (FBI), “FBI Guidance to Victims of Cyber Incidents on SEC Reporting Requirements”; Australian Cyber Security Centre (ACSC), “Guidelines for Cybersecurity Incidents,” 18 March 2025; Indian Cyber Crime Coordination Centre, Advisory “Digital Arrest Scam”, 6 March 2025
Anuj Choudhary, CISA, CISM, CA, CFE, CIPP/E
Is a distinguished governance, risk, and compliance (GRC) professional with over a decade of expertise in risk management, technology-driven investigations, internal audits, and compliance management. With a deep understanding of regulatory frameworks, forensic methodologies, and antitrust compliance, he has played a pivotal role in safeguarding organizations from financial, operational, and reputational risk.
His career spans marquee global firms, including BDO, EY, Grant Thornton, and Dr. Reddy’s, where he has honed his skills and delivered strategic insights. With 350+ investigations and 1100+ interviews under his belt, he has addressed complex matters spanning regulatory compliance, fraud detection, trade secrets, and crisis management, leading to the recovery of INR 800+ million.
A thought leader in compliance and forensic investigations, Choudhary has contributed extensively to esteemed publications, including Fraud Magazine, The Chartered Accountant, and the ISACA® Journal.
Disclaimer: Please note that this article is written in a personal capacity and does not reflect the views or affiliations of any organizations the author is associated with.