India's fraud problem no longer has a single shape. Three years ago, a forensic brief on financial crime in India would have centred on bank fraud, round-tripping and the occasional Ponzi scheme. Today, the same brief has to account for AI-generated voice clones convincing a finance manager to authorise a wire transfer, a “trusted” WhatsApp contact who spends eight months building a relationship before proposing a crypto investment, and a network of shell firms that exists solely to generate GST input tax credit that was never earned. The mechanics differ, but the direction of travel is the same across all three: fraud in India has become faster, more automated and harder to attribute to a single, identifiable actor - precisely as digital payments, digital assets and digital trade documentation have become the default rails on which value moves.
This matters for disputes practitioners for a structural reason, not just a topical one. Fraud that starts in a WhatsApp chat or a fabricated e-invoice increasingly ends up as the central factual dispute in a commercial arbitration, an insolvency proceeding, or a regulatory enforcement action. Understanding how the fraud was actually constructed - not just that it occurred - is now a precondition for building or defending a case around it.
Crypto Fraud: From Hacks to Human Engineering
The crypto fraud conversation in India has shifted noticeably. Exchange hacks and wallet exploits still happen, but the volume of loss is increasingly driven by something much older dressed in new technology: long-form social engineering, now commonly called “pig-butchering” for the way a scammer deliberately fattens a target's trust before the financial kill.
The pattern is consistent across the cases now surfacing in Indian police and Enforcement Directorate (ED) records. A stranger makes contact - often through a wrong-number text or a professional networking app - and invests weeks or months in a relationship before introducing a crypto trading opportunity. Early “withdrawals” are allowed to succeed, building confidence, before the victim is persuaded to commit a much larger sum that never comes back. One representative case, still working through investigation in Punjab, saw an industrialist lose close to ₹19.8 crore over an eight-month relationship with a scammer operating under a fabricated identity, before contact was cut the moment the money was extracted. The case is one of thousands with a similar structure now on Indian police books.
The scale of the enforcement response gives a sense of how large this has become globally, with a direct India dimension. In the first four months of 2026 alone, a coordinated multi-country operation arrested 276 suspects, dismantled nine scam-centre operations, and seized crypto assets worth roughly ₹5,800 crore - more enforcement action against pig-butchering networks than in the entire preceding decade combined. Indian victims feature prominently in these networks, which are frequently run from scam compounds in Southeast Asia, staffed in part by trafficked workers coerced into running the scripts.
Ponzi-style crypto schemes remain a parallel and still-active problem. The Enforcement Directorate's action against the Highrich Group - a Kerala-based operation that raised an estimated ₹1,500 crore from investors on the promise of guaranteed returns and a proprietary “HR Crypto Coin,” before roughly ₹260 crore in cash, bank deposits and property was frozen - is one of several such actions in recent years, and the underlying playbook (guaranteed returns, steep referral commissions, a thin veneer of blockchain terminology) has proven durable even as enforcement catches up with individual schemes.
What has genuinely changed is the delivery mechanism. Indian authorities have flagged a rising volume of fraudulent advertisements on major social and search platforms promoting fake trading apps and investment platforms, prompting India's cybercrime coordination apparatus to work directly with large platform operators to flag and remove malicious ads before they reach scale. For a fraud typology that used to rely on cold calls and forwarded messages, the shift to programmatic advertising is a meaningful escalation - it lets a scam operation acquire victims at the speed and scale of a legitimate digital marketing campaign.
For expert witnesses and forensic accountants, the practical consequence is that crypto fraud increasingly presents less as a technical hacking problem and more as an evidentiary reconstruction problem: proving the narrative of manipulation, the flow of funds through wallets and off-ramps, and the identity behind a persona that may have existed only for the duration of the scam.
Digital Payments Fraud: Volume Is Down, Sophistication Is Up
The headline numbers on India's most-used payment rail are, on their face, encouraging. UPI-linked fraud losses have fallen from ₹1,087 crore in FY24 to ₹981 crore in FY25, with government data reported to Parliament showing roughly ₹805 crore lost through November of FY26. Falling absolute losses on a payment system now processing tens of billions of transactions a year is a genuine achievement of the compliance and monitoring infrastructure banks and the National Payments Corporation of India have built.
But the aggregate figure understates how the fraud itself has evolved. Survey data suggests roughly one in five Indian households with a UPI user has experienced fraud at least once in the past three years — and more tellingly, just over half of those victims never filed a formal complaint, meaning official statistics likely understate the true incidence by a wide margin. The fraud that is happening has also become materially more expensive per incident and harder to detect at the point of transaction.
Three trends stand out as genuinely new rather than incremental.
The first is the “digital arrest” scam, now one of the fastest-growing categories of cyber fraud by value in India. The mechanic is psychological rather than technical: a victim receives a call, often on video, from someone impersonating a police officer, customs official or investigative agency, alleging the victim is implicated in a serious crime - money laundering, a parcel containing contraband, or similar - and must remain on video call and transfer funds to “prove innocence” or avoid arrest. These scams now account for roughly 8-9 per cent of total reported cyber-fraud losses in India, and the average loss per victim has climbed nearly sevenfold in two years, from around ₹22,800 in 2022 to over ₹1.56 lakh in 2024 - a clear signal that these operations have refined their targeting toward higher-net-worth individuals. A significant share of the digital-arrest infrastructure has been traced to call centres operating out of Southeast Asian scam compounds, coordinating through the same criminal networks increasingly implicated in crypto fraud.
The second is deepfake-enabled social engineering, which has moved from a theoretical risk to a mainstream one within about two years. Survey data now suggests close to half of Indian adults have either experienced or know someone who has experienced an AI voice-cloning or deepfake scam - roughly double the global average — with the large majority of those victims suffering a direct financial loss. The technical barrier has collapsed: a usable voice clone can now be built from three to five seconds of audio pulled from a social media video or a leaked call recording, and face-swap and voice-cloning tools are available as low-cost fraud-as-a-service subscriptions. The damage is not confined to individuals - corporate finance teams have been targeted with fabricated video calls in which every other “participant,” including a senior executive, is an AI-generated likeness authorising a transfer. Regulators have started to respond: new takedown rules require flagged deepfake content to be removed from platforms within three hours of a government or court order, though enforcement against the underlying fraud, as opposed to the content, remains a harder problem.
The third is the mule-account economy that underpins almost all of the above. Stolen or scammed funds rarely stay in one account; they are moved rapidly through networks of “mule” accounts - often opened using compromised identities, recruited students, or unemployed individuals paid a small fee - to break the audit trail before the victim or bank can act. In 2025 alone, Indian authorities deactivated 1.2 million SIM cards linked to fraud and froze 1.33 million mule accounts, recovering roughly ₹5,489 crore in the process - a scale of enforcement activity that would have been unthinkable five years ago, and one that reflects how central mule-account disruption has become to fraud response generally.
The regulatory response is now catching up to the typology. The Reserve Bank of India's April 2026 discussion paper proposes several structural changes aimed squarely at these patterns: a one-hour delay on peer-to-peer UPI transfers above ₹10,000 to create a window for fraud intervention, a trusted-contact authentication layer for senior citizens and persons with disabilities, an annual cap of ₹25 lakh on UPI credits into any single account specifically to blunt the mule-account model, and a “kill switch” mechanism allowing near-instant deactivation of a compromised UPI handle. None of these proposals directly targets deepfakes or digital-arrest scams - those remain fundamentally a law-enforcement and platform-cooperation problem rather than one a payment-rail redesign can solve - but together they represent the most significant rethink of UPI's fraud-control architecture since the system launched.
Supply-Chain Finance Fraud: The Quiet Erosion Inside Legitimate Trade
If crypto and digital-payments fraud tend to target individuals, the third emerging front operates almost entirely inside the machinery of legitimate business - and is, in some respects, harder to detect because it is designed to look exactly like ordinary commercial activity.
The largest and best-documented version of this problem in India runs through the Goods and Services Tax system. The mechanism is straightforward in concept: a network of shell firms - companies that exist on paper, with registered addresses and GST numbers, but conduct no real business - issues invoices for goods or services that are never actually supplied. A beneficiary company uses those invoices to claim input tax credit, reducing its real tax liability, while the shell firms generate e-way bills and circular trading patterns that create the appearance of a genuine, moving supply chain. Funds are routed through multiple bank accounts and withdrawn quickly to break the audit trail, mirroring exactly the mule-account pattern used in retail digital-payments fraud, just at a commercial scale.
The numbers involved are large by any measure. India's Directorate General of GST Intelligence detected roughly ₹36,374 crore in fraudulent input tax credit claims in FY25 alone, arresting 182 people and identifying over 15,000 fake entities in the process. Across the five financial years to FY25, cumulative GST evasion detected across all categories reached approximately ₹7.08 lakh crore across more than 91,000 cases, with roughly ₹1.79 lakh crore of that specifically attributable to input tax credit fraud. These are not isolated incidents; they describe a persistent, adaptive shadow economy of shell entities that regenerates faster than individual enforcement actions can close it down; recent cases from Andhra Pradesh, Telangana and Gujarat, each running into hundreds of crores through networks of dozens or hundreds of shell firms, illustrate how routine this typology has become at the state enforcement level.
The significance for disputes and forensic practitioners is a legal one as much as a factual one: large-scale GST fraud, including fake invoicing, is now treated as a predicate offence under the Prevention of Money Laundering Act. That designation gives the Enforcement Directorate an independent basis to investigate what would otherwise be a purely tax matter, meaning a company implicated in a GST fraud network - even as an unwitting counterparty - can find itself facing a PMLA investigation with asset-attachment powers well beyond what the tax authority alone could exercise.
A second, less publicised but structurally similar risk sits inside the digital infrastructure built to help small businesses raise working capital. The Trade Receivables Discounting System (TReDS) - the RBI-regulated platform ecosystem that lets MSMEs sell approved invoices to financiers - has had to build increasingly sophisticated technical safeguards against a specific fraud pattern: the same invoice, or a fabricated one, being discounted more than once across different financiers, or receivables being generated against transactions that never happened. The licensed TReDS exchanges have moved through successive generations of anti-fraud infrastructure - from blockchain-based invoice fingerprinting to a newer, cloud-based “secure financing” architecture - specifically to close the double-discounting gap, after companies raised concerns about invoices being generated in their name without authorisation. The direction of the fix - moving from a single shared ledger toward more sophisticated matching infrastructure - reflects how quickly fraud actors adapted to the first generation of controls.
Traditional trade finance instruments have not been immune either. Letter-of-credit devolvement, bank guarantee invocation patterns, and invoices lacking proper supporting detail are now explicitly named as early-warning indicators under the Reserve Bank of India's July 2024 Master Direction on Fraud Risk Management — a consolidated framework requiring banks to build red-flagging systems that integrate directly with core banking infrastructure, rather than relying on periodic manual review. The inclusion of trade-finance-specific indicators in a fraud framework that used to focus primarily on loan and account-level red flags is itself a signal of how significant this category has become to regulators.
There is also a structural gap that international assessors have flagged directly. The Financial Action Task Force's most recent evaluation of India's anti-money-laundering framework, while broadly positive on India's overall compliance architecture, specifically identified weaknesses in how trade-based money laundering is monitored - pointing to the absence of harmonised data-sharing between customs authorities and financial regulators as a structural blind spot. In practice, this means the same shell-firm and circular-invoicing techniques used domestically for GST fraud can be, and increasingly are, extended across borders through over- or under-invoiced trade transactions, with far less coordinated detection capability than exists for a comparable domestic transaction.
What Connects the Three
Read individually, crypto fraud, digital-payments fraud and supply-chain finance fraud look like three separate specialisms. Read together, three common threads emerge that matter more than any single statistic.
The first is automation of trust. Whether it is a scripted eight-month relationship engineered to extract a crypto investment, an AI-generated voice authorising a wire transfer, or a template shell-firm structure replicated across fifteen thousand entities, the common feature is that a task which once required a skilled individual fraudster now runs at industrial scale with a fraction of the labour. This is the single biggest driver of the volume increase across all three categories.
The second is the deliberate exploitation of legitimate infrastructure. Pig-butchering scams use real crypto exchanges as off-ramps. Digital-arrest scams use real UPI rails to extract funds. GST fraud uses the real input tax credit mechanism exactly as designed, just against fictitious transactions. None of these frauds depend on breaking a system; they depend on using a legitimate system's own rules against it, which makes conventional security controls largely irrelevant and makes behavioural and network-level analysis the primary defence.
The third is jurisdictional distance. A meaningful share of the crypto and digital-payments fraud now hitting Indian victims originates from criminal infrastructure physically located outside India - predominantly in Southeast Asia - while GST fraud networks, though domestic, exploit exactly the same cross-agency coordination gaps that make cross-border enforcement difficult. In both cases, the practical bottleneck is the same: India's individual regulators and investigative agencies are each reasonably well equipped within their own domain, but the fraud typologies increasingly straddle domains that were never designed to talk to each other in real time.
What This Means for Attorneys and Expert Witnesses
For counsel and experts working in disputes with a fraud dimension, three practical implications follow directly from this shift.
First, the factual reconstruction of a fraud now routinely spans multiple evidentiary domains at once - a WhatsApp or call-log record of the social-engineering narrative, a blockchain or UPI transaction trail, and a documentary record of invoices, e-way bills or GST filings. An expert who can only speak to one of these domains is of limited use; the strongest forensic engagements now combine behavioural, financial and digital-forensic analysis in a single, coherent narrative that a tribunal or court can follow.
Second, counterparty risk in ordinary commercial dealings has widened. A company doing business with a supplier that turns out to be, or to be connected to, a shell-firm network in a GST fraud scheme can face PMLA exposure through no direct wrongdoing of its own. Due diligence on counterparties - historically focused on financial solvency and litigation history - increasingly needs to account for the possibility of GST and invoicing irregularities that only become visible through transaction-pattern analysis rather than a standard company search.
Third, the pace of regulatory change in this space is now fast enough that advice given even a year ago may be stale. RBI's proposed UPI reforms, the July 2024 Fraud Risk Management Master Direction, and the increasing use of PMLA against GST fraud networks have all landed within a relatively short window, and each changes the calculus for how a fraud matter should be investigated, reported and litigated. Attorneys advising clients on fraud exposure - whether as victims, counterparties, or respondents - need forensic partners who are tracking the regulatory architecture in close to real time, not just the underlying fraud typology.
Takeaways
Fraud in India has industrialised across all three of its fastest-growing fronts - crypto, digital payments and supply-chain finance - and the common driver is automation, not any single new technology. Pig-butchering scams, deepfake-enabled social engineering and templated shell-firm networks all substitute scale for skill, which is why volumes and losses have grown so quickly even as individual schemes are unsophisticated in isolation.
The regulatory response is real but fragmented. RBI's proposed UPI reforms, the 2024 Fraud Risk Management Master Direction, and PMLA's extension to large-scale GST fraud each close a specific gap - but the cross-agency and cross-border coordination that would close the gaps between them remains, by FATF's own assessment, a work in progress.
For disputes practitioners, the operational lesson is that fraud evidence today is rarely single-domain. Building or defending a case involving crypto, digital-payments or supply-chain fraud increasingly requires an expert who can move fluently between behavioural analysis, transaction forensics and regulatory framework - and counsel who engage that expertise early are consistently better positioned than those who treat it as an afterthought.
Position yourself where the legal industry looks for expertise - sign up on exlitem.com to get discovered by leading lawyers and high-value clients.



