#FactCheck - AI Generated image of Virat Kohli falsely claims to be sand art of a child

Introduction

‍

Imagine a scenario where a call is received by a senior citizen. The phone rings, he picks up. On the other side of the line is a polite and seemingly genuine bank official who informs him that his bank account has somehow been jeopardised and that he should quickly move his money to a safer escrow account right away. Or another situation where a police officer ends up threatening a senior citizen over a video call and places him under a digital arrest, pressuring him to pay up money in order to be set free. 

‍

This is not the storyline of a heist movie. This is the frightening new digital reality of millions of elderly people living all over the world. 

‍

Cybercrime against senior citizens has surged dramatically over the last few years. The year 2023 witnessed people (aged 60 and above), who submitted more than 101,000 complaints to the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Centre (IC3) in the United States. The total losses reached approximately 3.4 billion dollars, which reflected an increase of 11% in comparison to the previous year. Tech-support scams, investment frauds, government impersonation schemes, etc., have been some of the most recent and significant risks to the financial security of senior citizens.

‍

This sharp increase in cyber fraud that has been targeting the seniors has shocked everyone, from the authorities to families. From phishing emails to fake customer care numbers to various digital payment scams, cyber criminals have deliberately been exploiting the senior population. They have repeatedly displayed the ability to wipe out a senior’s entire lifetime of savings in just a matter of minutes. The rise in cyber scams has been so alarming that even the Supreme Court of India expressed a deep concern over an estimated 3,000 crore rupees that was lost due to digital arrest scams.

‍

Behind these statistics, there have been several individual cases that have revealed the true reality and the personal impact of such scams. The scale of this threat was clearly illustrated when, reportedly, an 86-year-old woman from Mumbai lost 20 crore rupees in a well-planned digital arrest scam in a timeline of 3-4 months between December 2024 and March 2025. In other real-life instances, in December 2025, multiple senior citizens from Hyderabad and Delhi were manipulated into transferring tens of lakhs under the false implication of undergoing a legal action.

‍

This blog aims to focus specifically on the ways and means of:

• How cybercriminals operate against senior citizens, 
• The most typical online scams that target seniors and
• How to quickly identify them.

‍

Revealing the Insides of the Scammer’s Playbook: How They Operate, Trick and Steal

‍

• Picking out the prey: Fraudsters use classified information from various leaked online databases, social media profiles, online images, phone directories and in some instances, even obituaries, to build comprehensive lists of potential and vulnerable senior citizen targets. It may be shocking to know that these scammers could already be aware of your age, bank, city and the details of your family members. 

‍

• Masquerading and trust theatrics: Scammers pose as authoritative figures such as bank officers, RBI (Reserve Bank of India) or tax officials, telecom staff, Microsoft or Apple tech support, CBI (Central Bureau of Investigation), ED (Enforcement Directorate) and even judges. They further support this spectacle by creating professional emails, logos, illegal websites and forged notices. Caller IDs can be spoofed and can even appear in the name of a trusted bank or a government helpline. In digital arrest scams, scammers may build a fake courtroom or police station to showcase their authority and authenticity over video calls. 

‍

• Tugging at emotions and pulling the strings of fear: Cyber fraudsters rarely rely on logic as the basis. Instead, they attack emotions. They may make statements such as: ‘your account is being used for money laundering, you may be arrested today’, thus creating feelings of fear and panic in the mind of the targeted individual. ‘You’ve won a lottery!’, another example that appeals to the emotions of greed and excitement, or ‘Grandma, I’ve been in an accident; please send money and don’t tell anyone’, a classic example that preys on the emotions of love, urgency and concern. 

‍

There are more such illustrations: ‘Once in a lifetime investment opportunity’, ‘verify your details in the next 10 minutes or else your account will be frozen, ‘your computer has been hacked; only our technical team can fix it’, and the list goes on.

‍

• The final grab: Cash, Credentials and Control: After all that pretending and emotional manipulation, cyber criminals make their last and final move that essentially closes the deal. They may ask for OTPs (one-time passwords), internet banking credentials, or remote access via screen sharing mode. In other cases, they may pressurise their victims into making direct UPI (Unified Payments Interface) transfers, RTGS (Real-time Gross Settlement) / NEFT (National Electronic Funds Transfer) transfers and payment in the form of gift cards, vouchers or cryptocurrency. This marks the extraction phase. This is the moment where access and control is attained by the fraudster. After this, financial accounts, sensitive information, data, etc., can all be quickly drained, beyond any chance of recovery. 

‍

Unveiling the Cyber Scam Spectrum

‍

Below are some of the most commonly deployed online scams that are targeted towards the senior citizens of the present day.

‍

1. Imposters in Power: Impersonation scams, on a global level, have proved to be one of the fastest-growing and costliest frauds that occur against seniors. The scammers feign and impersonate officials from banks, income tax departments or even big companies such as Amazon. They would generally warn you about a failed KYC (Know Your Customer) update, your account being blocked or a legal violation. The victim is basically caught off-guard and is forced to share crucial details such as login credentials and OTPs. 

‍

2. The Digital Arrest Scam: From Call to Con: Lately, digital arrest has become one of the most terrifying scams that senior citizens have had to face. Seniors receive a voice call or a video call from someone who claims to be a police officer or a CBI/ED officer. Then, in a strict and authoritative tone, they make false claims about how the elderly’s Aadhaar, PAN (Permanent Account Number) or phone details have come under scrutiny for being linked to serious crimes such as drug trafficking, money laundering and terrorism. They threaten the elderly that they could be put under immediate arrest, their property could be seized, or they could be publicly humiliated. Once they have established fear, they then go on to show fake documents or court orders to corroborate their assertions. 

‍

Thereafter, the senior citizen is informed that he or she has been placed under a digital house arrest. They force the victim to stay on the video call, sometimes for hours and days, ask them to follow certain instructions and repeatedly warn them not to communicate with anyone else. Scammers further exploit the fear of being jailed or the fear of legal action, and gradually extract huge sums of money from the victim. In some cases, this scam can unfold and continue over an extended timeline spanning several months. 

‍

3. Tech Support Hoax: When Help turns Hostile: As per the FBI and other multiple security analyses, tech support scams are the most commonly reported senior citizen-related frauds in the US. 

‍

A pop-up may appear on the elderly’s screen stating that: ‘your computer is infected, call this number now’. Or they might receive a call from a person posing as a tech support person from either Microsoft, Apple, a bank’s IT team or as an internet service provider. He then goes on to guide the elderly to install certain remote access software or to grant screen control access to fix the issue. Once they gain access, they pretend to find some serious infection in the user’s system or they talk about how the speed of the internet is slow and that it needs to be fixed. As a result, they quietly steal passwords, introduce malware into perfectly healthy systems, lock user access and demand ransom in return.

‍

4. Payment App Scams: Phishing, Deadly Links and OTP Snares: Phishing as a cyber scam tactic sits at the heart of many payment app scams that target senior citizens. It may begin with a harmless SMS, an email or a WhatsApp alert. These correspondences may look like they have been received from a trusted bank or a familiar online payment platform.

‍

The messages are engineered in a way that aim at grabbing attention and trigger a feeling of panic and pressure. They push the elderly users who spring into action without any caution or thought. The victim may be urged to click a link, coupled with warnings of a blocked account, a failed transaction, a failed delivery or a KYC update. The message may also ask the user to ‘verify’ certain account details. They send urgent payment links that put pressure on the senior citizen to act immediately and transfer the said amount of money. 

‍

There are also instances where an SMS or WhatsApp link may claim to offer some kind of discount or reward only if the user enters his or her card details, UPI pin or OTP. This is an extremely dangerous scenario. If these details are given away, scammers acquire access to the user’s bank account. 

‍

5. Family in Crisis: Staging Fake Emergencies: These cyber-enabled scams, also known as ‘grandparent scams’, specifically target senior citizens by impersonating their kin and creating a fake impression of them being in some kind of trouble. With the help of methods such as AI (Artificial Intelligence) voice cloning, fraudsters mimic the voice of a grandchild or a family member (which they originally obtain from social media posts or videos), making their deception tactics extremely believable. The caller may claim to be in an accident or could say they have been arrested or are stranded somewhere. They may plead with the senior citizen to make an immediate payment. 

‍

In order to avoid cross verification of their fraudulent claims, they may insist on maintaining secrecy and brainwash their victim to not inform other family members of their made-up dilemma. 

‍

6. Fraudulent Friendships and Hijacked Hearts: For many senior citizens who live alone and in the absence of family and support systems, isolation becomes a vulnerability that is very hard to overcome. Fraudsters, who closely monitor such individuals, wait to seize any opportunity to use this weakness as a gateway to carry out their deceptive schemes. 

‍

‘Companionship scams’ and ‘romance scams’ are slowly turning into a serious problem among older adults. Cyber criminals befriend or connect with older adults on social networking, matrimonial and dating apps under false pretences. As time goes by, sometimes over weeks or months, these scammers work on building emotional intimacy and trust. Once this is accomplished, they then start making requests for money. These requests can be for (fake) medical emergencies, visas, travel tickets or business deals. Sadly, victims, who are already deeply invested emotionally, end up making these money transfers, sometimes losing their lifetime savings in the process. 

‍

In some cases, when things go too far, intimate photos or private conversations are later used by cyber fraudsters for sextortion. They threaten to leak these personal materials unless the victim pays money, further adding elements of fear and pressure to an already manipulative situation.

‍

7. Fraud in the name of Health and Benefits: For most senior citizens, their daily life depends on access to basic healthcare, uninterrupted pensions and government benefits. These systems are put in place to provide not just for the seniors’ financial stability, but also to ensure their peace of mind. 

‍

Conversely, fraudsters exploit this dependability. Fake medical offers, insurance plans, benefit claims and pension enhancement schemes, etc., are some of the methods that are being used to defraud the seniors. Scammers offer free medical equipment or health checkups in exchange for personal information related to banking and finances. 

‍

Another dangerous facet of these scams is ‘counterfeit medications’. These are sold under false claims and big promises and are advertised in a manner that tempts seniors to go for it. These fake medicines not only lead to loss of money but also gravely impact the elderly’s health. 

‍

Spot the Scam: Tips to Identify Early Warning Signs before the Scam Unfolds

‍

Cyber criminals are clever, creative and notorious, but their tricks come with familiar warning signs. Timely recognition of these signs can save senior citizens from falling into the scammer’s trap. Some of the most common and apparent warning signs are discussed below:

‍

• Don’t think fast, think twice! The urgency ploy: Cyber criminals thrive on creating a situation of panic and urgency. In instances where a senior citizen feels that he or she is being pushed towards rushed choices, it is better to take a step back to pause and think. Any unreasonable demand to act ‘immediately’ or within minutes, especially when it involves a transfer of money or confidential information, is very likely to be a scam. Not giving in to this hasty push can save the individual from getting tangled in the scammer’s web of lies.

‍

• Scammer’s best friend: Secrecy and silence: First comes the urgency, and then comes the demand to stay silent. Scammers strategically cite and invent so-called ‘security reasons’ and instruct their elderly victims not to inform their bank, friends or family of their situation. This secrecy prevents verification and keeps the victim trapped. Recognising this forced isolation can stop a cybercrime before it escalates and gets out of hand.

‍

• Red flag! When the deal sounds unreal: Scammers lure elderly victims with extraordinary offers and deals. Lottery wins, miracle investment returns, massive discounts or exclusive time-bound rewards are a few examples. These larger-than-life promises are designed in a manner that clouds an elderly person’s sound judgment. Therefore, if an offer feels too good to be true and unlike anything anyone’s ever heard before, then that’s the time to pause and take a step back. In almost all such cases, these unbelievable deals are simply a bait for a looming scam. 

‍

• Beware! They want your access codes: Senior citizens need to exercise extra caution when it comes to handing out their personal access codes. No legitimate bank, government office or reputable company will directly ask for OTPs, PINs or full passwords over calls or messaging apps. If someone asks for such details, it is an indication that a fraud may be imminent. 

‍

• Don’t pay just yet! Dubious payment gambits: If demands for payments are made in the form of gift cards, cryptocurrency or wire transfers to personal or unknown accounts, it is most definitely a scam. Scammers use these unconventional payment methods to avoid traceability. This strategy allows them to easily disappear with the victim’s funds, which in turn makes recovery of the stolen money nearly impossible.

‍

• Threats and intimidation over a phone call: Hang up! It’s a scam: It is important to understand that legitimate police and court proceedings do not take place over calls or messaging apps. Genuine officials will never demand or negotiate fines, legal payments or bail online. If someone uses the intimidation ploy on a senior citizen and threatens him with legal trouble or police action unless some money is paid, then that’s a clear warning sign of a cyber scam. 

‍

Empowered, not Exploited: When Knowledge Becomes the Best Defence

‍

Cyber scams targeting senior citizens are a deliberate and very well-orchestrated industry that thrives on uncertainty, ignorance and fear. The call of the moment is for the elderly and their families to turn awareness into armour. Knowledge about how scammers operate, how they steal, and the techniques they employ can prepare and empower our seniors to protect themselves in such critical situations. The early warning signs mentioned above are more than just mere cautions. They should be taken as ‘cues’ to ‘pause, reflect and re-check’. Being wary of unsolicited communication, safeguarding financial information, double-checking hurried correspondences, etc., can nip a scam in the bud before it plays out. Most importantly, digital safety for the senior citizens is a unified and collaborative responsibility that every responsible individual of the society needs to undertake. 

‍

References

‍

• https://frontline.thehindu.com/social-issues/ai-deepfake-digital-arrest-scams-india-cybercrime/article70587955.ece
• https://www.ic3.gov/annualreport/reports/2023_ic3elderfraudreport.pdf
• https://www.thehindu.com/news/national/supreme-court-shocked-over-3000-crore-loss-in-digital-arrest-scams/article70235621.ece
• https://www.thehindu.com/news/cities/mumbai/elderly-woman-loses-20-crore-to-digital-arrest-fraud-3-held/article69353437.ece
• https://timesofindia.indiatimes.com/city/hyderabad/three-senior-citizens-duped-of-rs-1-7cr-in-digital-arrest-scam-spree/articleshow/125876194.cms
• https://www.aninews.in/news/national/general-news/82-year-old-senior-citizen-digitally-arrested-and-cheated-of-rs-116-crore-cyber-cell-arrests-three-key-members-of-syndicate20251213145528/
• https://crr.bc.edu/preventing-cyber-scams-that-target-seniors/
• https://dos.ny.gov/scams-targeting-older-adults
• https://indianexpress.com/article/cities/chandigarh/victims-in-8-of-top-10-digital-arrest-scams-in-chandigarh-are-senior-citizens-data-reveals-10444252/
• https://www.seniorliving.org/research/common-elderly-scams/
• https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2025/08/false-alarm-real-scam-how-scammers-are-stealing-older-adults-life-savings
• https://www.psca.org/news/psca-news/2025/8/scams-against-seniors-increasing-dramatically-ftc-warns/
• https://www.pcmatic.com/blog/the-rising-threat-of-elder-fraud-insights-from-ic3s-2023-report/?srsltid=AfmBOorC069NIYFwFO0W56nPcg_K0Wfv_oq0V-MI7fImI5ityAUrQTO9
• https://www.quickheal.co.in/knowledge-centre/guarding-our-elders-a-comprehensive-report-on-the-elder-fraud-epidemic-in-india/?srsltid=AfmBOorviPvoRuecjsOtAfVxyQEJF2vyICnr15GqbDfP1m3UXAnXndMw
• https://www.ncoa.org/article/top-5-financial-scams-targeting-older-adults/
• https://www.uchealth.org/today/elder-fraud-is-rising-and-it-is-hurting-more-than-just-finances/
• https://centerlighthealthcare.org/protecting-yourself-online-recognizing-and-avoiding-online-scams/

‍

Executive Summary:

On July 4, 2024, a giant password dump,  “RockYou2024” was posted on a cybercrime marketplace containing 9,948,575,739 plain-text credentials. This blog explains the technical aspects of this leakage and its consequences in the sphere of information security. 

RockYou2024 is a list of passwords obtained from different data breaches ranging over the course of more than twenty years. It integrates older passwords with the lexical database with the additional passwords from the recent hacks, thereby, cumulating the database of genuine and existing passwords. The compilation is said to contain data from more than 4,000 databases putting the tool in the hands of potential attackers. RockYou owns the name to this type of attack since a data breach attacked a social media company named , “RockYou'' and released  3.2 million users’ passwords as a .txt file. Since then, the term gained a common meaning connected with mass password data breaches. 

Technical Implications:

• Credential Stuffing Attacks: The RockYou2024 list comprises a great number of actual passwords that increases the likelihood of credential stuffing attacks. With this, the attackers help themselves with an opportunity to try to gain unlawful access into several online accounts that a user may have, particularly ones where an individual re-uses the same password. 

• Brute-Force Attacks: The collection is extensive for brute force attack on systems that have no protection against such exercise. This is especially the case for devices and services that are exposed to the internet and which may use either weak or factory-set alphanumeric codes. 

• Password Cracking: Web compilations that include such lists are often employed by security specialists and penetration testers who use John the Ripper or Hashcat to check the password’s strength or the system’s susceptibility to attacks. 

• Machine Learning Models: The dataset could be used to create machine learning models for password prediction or analysis, which would only lead to further better methods to be used in the attacks. 

Countermeasures / Mitigation:

Below are the technical risk/process operating proposed to reduce the risks associated with RockYou2024: 

• Password Hashing: It is necessary to ensure that all the passwords required to be saved should be encrypted in one of the most secure algorithms like bcrypt, Argon2, or PBKDF2 along with a reasonable number of iterations. 

• Salt and Pepper: The features for both salting and peppering should also be enabled to complicate the cracking of passwords even after the hashed password databases have been procured. 

• Multi-Factor Authentication (MFA): Ensure the usage of complex passwords in addition to deploying MFA across all the technological systems and services within the company. 

• Password Strength Policies: Adhere to  password policies for features  like the length, strength of the passwords and the change in password frequency. 

• Rate Limiting and Account Lockouts: Inactivity methods must be used on consecutive attempts to log in and to the temporary lock out after so many attempts in a bid to discourage brute force attacks. 

• Monitoring and Alerting: There should be measures in place to monitor for any violations such as login tappings or a form of credential stuffings and there should be alerts, where securities risks are likely to arise, in real time. 

• API Security: The following proper API security measures that will result in the prevention of the following attacks; rate limiting, input validation, and token. 

• Web Application Firewalls (WAF): To defend against threats from the internet for potential credential stuffing or brute-forcing the authentication process, utilize WAFs to operate at the application layer. 

Analyzing the Impact:

To understand the potential impact of RockYou2024, organizations should assess the possible effects of RockYou2024, such as: 

• Conduct Password Audits: LeakYou2024 scan current passwords database with RockYou2024 (in ethical and safe methods) and see which accounts have been compromised. 

• Implement Continuous Monitoring: If this is a monthly or weekly event then there must be new information on data breaches and act on it concerning new security changes. 

• Educate Users: Continued security consciousness training, regarding the effective protection of an individual’s password in combination with a password generator. 

• Perform Penetration Testing: It is suggested to conduct penetration testing at least twice a year to find out if there are vulnerabilities in the systems and applications in the current use. 

Conclusion:

The RockYou2024 leaked password database is a serious security risk; it contains almost 10 billion account credentials. This unprecedented leak further increases the exposure to credential stuffing, brute force and password cracking attacks. To deal with these threats, organizations need to have measures that include password hashing, multi-factor authentication, password strengthening and password audit. Patching, user awareness, bandit activities are imperative to prevent future invasions and strengthen the cyber security posture.

References :

• https://statanalytica.com/blog/rockyou-2024-txt-password/
• https://dig.watch/updates/rockyou2024-password-leak-exposes-nearly-10-billion-unique-passwords
• https://complexdiscovery.com/rockyou2024-leak-nearly-10-billion-passwords-exposed-heightening-cybersecurity-risks-for-businesses/

‍

Introduction

The Telecom Regulatory Authority of India (TRAI) has directed all telcos to set up detection systems based on Artificial Intelligence and Machine Learning (AI/ML) technologies in order to identify and control spam calls and text messages from unregistered telemarketers (UTMs).

The TRAI Directed telcos

The telecom regulator, TRAI, has directed all Access Providers to detect Unsolicited commercial communication (UCC)by systems, which is based on Artificial Intelligence and Machine Learning to detect, identify, and act against senders of Commercial Communication who are not registered in accordance with the provisions of the Telecom Commercial Communication Customer Preference Regulations, 2018 (TCCCPR-2018). Unregistered Telemarketers (UTMs) are entities that do not register with Access Providers and use 10-digit mobile numbers to send commercial communications via SMS or calls.

TRAI steps to curb Unsolicited commercial communication

TRAI has taken several initiatives to reduce Unsolicited Commercial Communication (UCC), which is a major source of annoyance for the public. It has resulted in fewer complaints filed against Registered Telemarketers (RTMs). Despite the TSPs’ efforts, UCC from Unregistered Telemarketers (UTMs) continues. Sometimes, these UTMs use messages with bogus URLs and phone numbers to trick clients into revealing crucial information, leading to financial loss.

To detect, identify, and prosecute all Unregistered Telemarketers (UTMs), the TRAI has mandated that Access Service Providers implement the UCC.

Detect the System with the necessary functionalities within the TRAI’s Telecom Commercial Communication Customer Preference Regulations, 2018 framework.

Access service providers have implemented such detection systems based on their applicability and practicality. However, because UTMs are constantly creating new strategies for sending unwanted communications, the present UCC detection systems provided by Access Service providers cannot detect such UCC.

TRAI also Directs Telecom Providers to Set Up Digital Platform for Customer Consent to Curb Promotional Calls and Messages.

Unregistered Telemarketers (UTMs) sometimes use messages with fake URLs and phone numbers to trick customers into revealing essential information, resulting in financial loss.

TRAI has urged businesses like banks, insurance companies, financial institutions, and others to re-verify their SMS content templates with telcos within two weeks. It also directed telecom companies to stop misusing commercial messaging templates within the next 45 days.

The telecom regulator has also instructed operators to limit the number of variables in a content template to three. However, if any business intends to utilise more than three variables in a content template for communicating with their users, this should be permitted only after examining the example message, as well as adequate justifications and justification.

In order to ensure consistency in UCC Detect System implementations, TRAI has directed all Access Providers to deploy UCC and detect systems based on artificial intelligence and Machine Learning that are capable of constantly evolving to deal with new signatures, patterns, and techniques used by UTMs.

Access Providers have also been directed to use the DLT platform to share intelligence with others. Access Providers have also been asked to ensure that such UCC Detect System detects senders that send unsolicited commercial communications in bulk and do not comply with the requirements. All Access Providers are directed to follow the instructions and provide an update on actions done within thirty days.

The move by TRAI is to curb the menacing calls as due to this, the number of scam cases is increasing, and now a new trend of scams started as recently, a Twitter user reported receiving an automated call from +91 96681 9555 with the message “This call is from Delhi Police.” It then asked her to stay in the queue since some of her documents needed to be picked up. Then he said he works as a sub-inspector at the Kirti Nagar police station in New Delhi. He then inquired whether she had recently misplaced her Aadhaar card, PAN card, or ATM card, to which she replied ‘no’. The scammer then poses as a cop and requests that she authenticate the last four digits of her card because they have found a card with her name on it. And a lot of other people tweeted about it.

Conclusion

TRAI directed the telcos to check the calls and messages from Unregistered numbers. This step of TRAI will curb the pesky calls and messages and catch the Frauds who are not registered with the regulation. Sometimes the unregistered sender sends fraudulent links, and through these fraudulent calls and messages, the sender tries to take the personal information of the customers, which results in financial losses.