Karnataka's Scam Economy: Social Media as the New Dark Web — and a Cyber Maturity Assessment

The Shift: From Dark Web to Your Phone

Karnataka Police have flagged a structural shift in how cybercriminals operate: the dark web, once the primary marketplace for malware, stolen credentials, and fraud toolkits, is no longer the preferred venue. The action has moved to everyday consumer platforms — Telegram, WhatsApp, Facebook, and Instagram — where criminals sell malware kits, recruit money mules, coordinate investment scams, and run "pig butchering" operations with alarming openness.

Since 2025, Karnataka Police have taken down 465 suspicious groups on Telegram, 61 on WhatsApp, and 268 on Facebook, along with 15 accounts on Instagram — a takedown effort that is significant in scale but, as we will explore, barely keeps pace with the threat. 

Nationally, WhatsApp remains the most exploited platform, with over 43,000 complaints of cyber fraud recorded in just the first three months of 2024. Telegram followed with over 22,000 complaints, while Instagram saw nearly 20,000 reported cases. Karnataka, as India's most cyber-exposed southern state, bears a disproportionate share of this burden.

What makes the social media shift strategically significant is the combination of plausible deniability, scale, and trust exploitation. Encrypted messaging apps provide criminals with operational security that rivals anything on the traditional dark web, while simultaneously allowing them to reach victims through familiar, trusted interfaces. A Telegram group selling APK malware kits or recruiting mule account holders sits just a few taps away from a family chat.

The Scam Ecosystem in Detail

Karnataka now hosts a mature, layered scam economy. The dominant fraud typologies have evolved rapidly:

Investment and "Pig Butchering" Scams remain the highest-value category. A recent case from Karkala illustrates the playbook: cybercriminals used manipulative messaging groups and fabricated digital profit dashboards to convince a victim to transfer ₹56.3 lakh through multiple layered banking transactions. Promised withdrawals never materialised, and repeated requests for repayment were met with delays, demands for further deposits, and ultimately silence.

APK Fraud has emerged as one of the fastest-growing threats. Karnataka recorded 944 APK fraud cases in 2025 compared to 325 in 2024 — a rise of nearly 190%, with 458 complaints already registered by April 2026. Cybercriminals disguise malicious Android package files as wedding invitations, electricity bill notices, courier alerts, and KYC updates to gain access to victims' smartphones and steal banking credentials. Senior citizens, retirees, and digitally inexperienced users are among the worst affected. 

Digital Arrest Fraud has extracted enormous sums even as case numbers have fallen. In just the first 59 days of 2026, victims across Karnataka lost ₹11.6 crore to digital arrest scams, with an average daily loss of nearly ₹19.6 lakh. Recovery was catastrophic — only ₹25.2 lakh was retrieved, amounting to just 2.2% of losses. The tactic — impersonating law enforcement or government officials and threatening victims with arrest — has mutated into fake income tax inquiry calls and hoax kidnapping ransom calls as criminals adapt to awareness campaigns. 

Money Mule Networks underpin all of the above. Telegram groups openly advertise for individuals willing to rent their bank accounts, often targeting young men in financial distress. During the first quarter of 2025 alone, about 38,000 cases were registered through Karnataka's dedicated cybercrime helpline — a number that reflects both rising crime and better reporting infrastructure, though the two are not easy to disaggregate. 

The Financial Toll: An Accelerating Crisis

The scale of losses makes for stark reading. Between 2023 and 2025 (up to 15 November), Karnataka reported 57,733 cases of cyber fraud. Citizens lost a total of ₹5,474 crore across those three years, with police recovering only ₹627 crore — approximately 11%. While case numbers fell from around 22,000 in 2024 to about 13,000 in 2025, losses remained stubbornly high, strongly suggesting that individual scams are growing larger in value and sophistication. 

In 2024 alone, people in Karnataka lost ₹2,948 crore in over 1,36,209 cyber fraud incidents reported on the National Crime Reporting Portal, with ₹2,079 crore of those losses concentrated in Bengaluru city. 

Cyber Maturity Assessment: Karnataka

What follows is a structured assessment of Karnataka's cybersecurity maturity across five dimensions, using a five-level framework (1 = Initial/Ad Hoc → 5 = Optimising).

Dimension 1: Governance and Policy

Rating: 3 / 5 — Defined

Karnataka has built a more deliberate policy architecture than most Indian states. The Karnataka Cabinet approved a Cyber Security Policy in 2023, providing a roadmap for awareness, data security, and coordination between the government, social media platforms, tech industry, and educational institutions. In April 2025, Karnataka became the first state in India to establish a Cyber Command Centre — a unified cybersecurity coordination body under the Cyber Crimes Prevention Unit (CPCU), established following proposals from senior police officers. The state was also the first to create a dedicated cyber police vertical headed by a Director General of Police, supported by 43 cyber police stations. 

However, policy ambition exceeds execution. The Karnataka High Court struck down a 2021 online gaming ban. Multiple task forces and summits have been convened without resolving the fundamental gap between the scale of the threat and the state's capacity to respond. Governance remains reactive rather than anticipatory.

Dimension 2: Law Enforcement Capacity

Rating: 2 / 5 — Developing

This is Karnataka's most critical vulnerability. Despite forming a specialised cyber police vertical and establishing more cybercrime police stations, the amount lost to fraud has not come down significantly — indicating that fraudsters have grown more cunning and are running larger-scale operations. 

Officials have acknowledged that cybercriminals are constantly evolving their tactics even as authorities attempt to counter them through awareness drives and enforcement measures. The 2.2% recovery rate for digital arrest fraud in early 2026 is not simply a lag — it reflects structural limits: by the time an FIR is filed, funds have already passed through multiple mule accounts, been converted to cryptocurrency, and exited Indian jurisdiction. 

Karnataka's Home Minister announced plans to train all constables in cybercrime handling, with training units established in every Superintendent of Police office across the state. More than 33,000 police, judiciary, and defence personnel have received training through the Cybercrime Investigation Training and Research (CCITR) institute. These are meaningful steps, but the cybercrime caseload is growing faster than training throughput. 

The investigative bottleneck at the transnational level is particularly acute. Karnataka's Home Minister has himself acknowledged that "in serious cases, the investigation becomes difficult if foreign companies do not cooperate," and that global collaboration is essential. 

Dimension 3: Threat Detection and Platform Coordination

Rating: 3 / 5 — Defined, trending toward Managed

The takedown of nearly 800 suspicious groups and accounts across platforms since 2025 represents real operational capability and a meaningful working relationship between Karnataka Police and platform providers. The Indian Cybercrime Coordination Centre (I4C) has been pursuing strategic partnerships with tech companies and proactive measures to curb cyber-enabled crimes at the national level, which Karnataka benefits from. 

However, takedown operations are inherently asymmetric: each group removed can be replaced within minutes. The more important question — whether Karnataka has real-time threat intelligence pipelines with platform providers that enable proactive disruption rather than reactive removal — remains unclear from public reporting. The proliferation of mirror URLs and the migration of scam infrastructure across platforms suggest criminals adapt faster than takedown cycles allow.

Dimension 4: Victim Recovery and Financial Tracing

Rating: 1.5 / 5 — Initial

This is the starkest failure point in Karnataka's cyber maturity. An 11% recovery rate on ₹5,474 crore in losses over three years, with Bengaluru city recovering only 4% of losses as of mid-2025, reflects systemic gaps in financial intelligence coordination, speed of freeze orders, and bank-police coordination.

Bengaluru's Police Commissioner has identified delay in reporting as a key challenge: money is quickly transferred across multiple accounts, making tracing harder the longer victims wait. The national cybercrime helpline (1930) is operational, but awareness of the freeze-on-report mechanism remains low. Cryptocurrency conversion and cross-border money movement render many losses unrecoverable by the time investigations begin in earnest. Karnataka urgently needs faster inter-bank freeze protocols, a dedicated cyber-financial intelligence cell, and mandatory rapid-response SLAs with payment platforms.

Dimension 5: Public Awareness and Digital Literacy

Rating: 2.5 / 5 — Developing

Karnataka has invested in awareness through police campaigns, media outreach, and school and college programmes. Yet the persistence of scam typologies across years — pig butchering, digital arrests, APK fraud — against a well-informed public suggests that awareness campaigns are not sufficient. Home Minister Parameshwara has himself cited lack of digital literacy, excessive social media use, and the lure of quick financial gains as key amplifiers of cyber fraud in the state.

The population most at risk — senior citizens, rural smartphone users new to digital banking, and young men targeted for mule recruitment — is precisely the population least reached by conventional awareness channels. Structural digital literacy, embedded in schools, banks, and community organisations, rather than one-time campaigns, is what is needed.

Overall Maturity Rating: 2.4 / 5 — Developing

Karnataka is ahead of most Indian states institutionally — the Cyber Command, the DGP-level vertical, the CCITR training institute, and the 43-station CEN network represent genuine infrastructure. But infrastructure without recovery outcomes is a measure of activity, not effectiveness. Until the state can close the gap between losses and recoveries, and between case volumes and successful prosecutions, its cyber maturity remains firmly in the developing category.

What Needs to Change

The path to maturity requires movement on three fronts simultaneously. First, speed: the golden hour for freezing cybercrime proceeds is measured in minutes, not days. Karnataka needs a dedicated 24/7 financial freeze desk with direct API-level connections to major banks and payment processors.

Second, cross-border enforcement: the majority of serious scam infrastructure originates outside India, often in Southeast Asia. Karnataka's Cyber Command needs direct liaison relationships with Interpol, the Cyber Crime Coordination Centre in Delhi, and bilateral law enforcement partners — not just the ability to refer cases upward.

Third, platform accountability: the shift from dark web to social media platforms is not just a policing challenge — it is a platform governance failure. Karnataka and the central government need to push harder for proactive detection obligations on platforms, not just reactive takedown cooperation. Singapore's experience is instructive: after requiring designated platforms to implement processes to disrupt malicious cyber activity under the Online Criminal Harms Act, scam cases fell significantly across WhatsApp, Telegram, Facebook, and Instagram. India has yet to achieve comparable platform accountability. 

Karnataka has the policy intent and is building the institutional machinery. What it does not yet have is the speed, the financial intelligence infrastructure, or the transnational reach to match a criminal ecosystem that is, by every measure, operating at a higher level of sophistication.