Quick SMS Header Information: A New Feature by the Ministry of Communications

AI and other technologies are advancing rapidly. This has ensured the rapid spread of information, and even misinformation. LLMs have their advantages, but they also come with drawbacks, such as confident but inaccurate responses due to limitations in their training data. The evidence-driven retrieval systems aim to address this issue by using and incorporating factual information during response generation to prevent hallucination and retrieve accurate responses.

What is Retrieval-Augmented Response Generation?

Evidence-driven Retrieval Augmented Generation (or RAG) is an AI framework that improves the accuracy and reliability of large language models (LLMs) by grounding them in external knowledge bases. RAG systems combine the generative power of LLMs with a dynamic information retrieval mechanism. The standard AI models rely solely on pre-trained knowledge and pattern recognition to generate text. RAG pulls in credible, up-to-date information from various sources during the response generation process. RAG integrates real-time evidence retrieval with AI-based responses, combining large-scale data with reliable sources to combat misinformation. It follows the pattern of:

• Query Identification: When misinformation is detected or a query is raised.
• Evidence Retrieval: The AI searches databases for relevant, credible evidence to support or refute the claim.
• Response Generation: Using the evidence, the system generates a fact-based response that addresses the claim.

How is Evidence-Driven RAG the key to Fighting Misinformation?

• RAG systems can integrate the latest data, providing information on recent scientific discoveries.
• The retrieval mechanism allows RAG systems to pull specific, relevant information for each query, tailoring the response to a particular user’s needs.
• RAG systems can provide sources for their information, enhancing accountability and allowing users to verify claims.
• Especially for those requiring specific or specialised knowledge, RAG systems can excel where traditional models might struggle.
• By accessing a diverse range of up-to-date sources, RAG systems may offer more balanced viewpoints, unlike traditional LLMs.

Policy Implications and the Role of Regulation

With its potential to enhance content accuracy, RAG also intersects with important regulatory considerations. India has one of the largest internet user bases globally, and the challenges of managing misinformation are particularly pronounced.

• Indian regulators, such as MeitY, play a key role in guiding technology regulation. Similar to the EU's Digital Services Act, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, mandate platforms to publish compliance reports detailing actions against misinformation. Integrating RAG systems can help ensure accurate, legally accountable content moderation. 
• Collaboration among companies, policymakers, and academia is crucial for RAG adaptation, addressing local languages and cultural nuances while safeguarding free expression. 
• Ethical considerations are vital to prevent social unrest, requiring transparency in RAG operations, including evidence retrieval and content classification. This balance can create a safer online environment while curbing misinformation.

Challenges and Limitations of RAG

While RAG holds significant promise, it has its challenges and limitations.

• Ensuring that RAG systems retrieve evidence only from trusted and credible sources is a key challenge. 
• For RAG to be effective, users must trust the system. Sceptics of content moderation may show resistance to accepting the system’s responses. 
• Generating a response too quickly may compromise the quality of the evidence while taking too long can allow misinformation to spread unchecked.

Conclusion

Evidence-driven retrieval systems, such as Retrieval-Augmented Generation, represent a pivotal advancement in the ongoing battle against misinformation. By integrating real-time data and credible sources into AI-generated responses, RAG enhances the reliability and transparency of online content moderation. It addresses the limitations of traditional AI models and aligns with regulatory frameworks aimed at maintaining digital accountability, as seen in India and globally. However, the successful deployment of RAG requires overcoming challenges related to source credibility, user trust, and response efficiency. Collaboration between technology providers, policymakers, and academic experts can foster the navigation of these to create a safer and more accurate online environment. As digital landscapes evolve, RAG systems offer a promising path forward, ensuring that technological progress is matched by a commitment to truth and informed discourse.

References

• https://experts.illinois.edu/en/publications/evidence-driven-retrieval-augmented-response-generation-for-onlin 
• https://research.ibm.com/blog/retrieval-augmented-generation-RAG 
• https://medium.com/@mpuig/rag-systems-vs-traditional-language-models-a-new-era-of-ai-powered-information-retrieval-887ec31c15a0 
• https://www.researchgate.net/publication/383701402_Web_Retrieval_Agents_for_Evidence-Based_Misinformation_Detection 

‍

Introduction

‍

On June 2nd, 2026, even as thousands of Class 12 students across the nation flocked to submit re-evaluation and verification applications on the CBSE’s newly rolled-out On-Screen Marking (OSM) portal, a decidedly different kind of visitor had logged in an attacker carrying automation scripts, botnet traffic, and malicious intentions to either shut the system down or steal its contents. The attack, which CBSE then openly reported on its official X account, flooded the portal with 1.5 million hits in two minutes and sent over a lakh unauthorized file access attempts.

‍

Understanding the Attack Architecture: The Two-Pronged Operation

‍

The CBSE cyberattack was actually not a single exploit but rather a layered, orchestrated attack. The attack can be understood in two prongs:

‍

1. The DoS Attack:Firstly, attackers initiated a large-scale DoS (Denial of Service) attack, producing approximately 1.5 million requests in 120 seconds, or approximately 12,500 per second, in order to saturate the server. By overloading the systems with bogus requests, the attackers sought not just to disable the site but also to throw off security personnel from their primary task of stabilizing the portal during its launch period.

‍

The File Probing: These attacks usually include the following methods:

‍

1. Path Traversal Attacks - Attackers will attempt to navigate outside of the current directory by supplying inputs such as "../../etc/passwd" in URL parameters or in a file upload. 
2. Forced Browsing / Directory Enumeration - An attacker may have used tools to attempt to find vulnerable files and directories like answer sheets, exam scans, student identification documents, and admin-related files by systematically guessing names.
3. API Endpoint Fuzzing: If any REST or GraphQL API was present for the portal, the attacker may have tried sending a various number of inputs to parameters to attempt to retrieve records, find IDORs, or escalate privileges. 
4. Session Token Harvesting - For high-load environments, some systems may use insecure session management. Attackers would attempt to predict or guess the token to hijack another student's or administrator's session.

‍

‍

Why Are Educational Portals High-Value Targets?

‍

Here's why the Indian education sector is an attractive target for cyber-attacks:

‍

1. Concentrated PII: Millions of students are present on these education portals, and their data (names, birth dates, Aadhaar linkage information, parents' details, address, education profiles, etc.) is of the highest value on the dark web and can be used for identity theft, financial fraud, credential reuse, and targeting.
2. Low Investment Relative to the Data Value: The education system is chronically under-invested in cybersecurity. Many of these systems were built for a function/scale, rather than security by design, and are highly vulnerable.
3. High-Pressure Launches: Launching a massive, public-facing system like the CBSE OSM verification site that needs to service millions of students on day 1 often requires time constraints that preclude proper penetration testing, stress testing, security auditing, or staged deployment; these launches often launch with numerous known security flaws.
4. Large Attack Surface: The education ecosystem is comprised of many integrated systems, APIs, cloud instances, third-party systems, and authentication infrastructure. Each dependency increases the overall attack surface and provides multiple potential avenues to compromise these systems, such as IDOR, API abuse, or credential-based attacks.
5. Geopolitical Motivation: Following the Op Sindoor attack in 2025, there was a significant increase in public institutions targeted by cyber-attacks with prolonged DDoS against critical systems. Highly visible, public-facing student portals catering to more than 35 million students make a tantalizing target for both nation-state attackers and hacktivist groups to cause disruption or gather intelligence.

‍

The CBSE's Response

‍

A balanced perspective on CBSE's public response is necessary:

‍

1. The portal did not go down and served about 14000 users at any point during the attack and had over 28000 successful submissions by 10pm June 2nd.
2. In real-time, sessions are continuously being optimized for the students, and session timeouts are being extended.
3. Management was on top of the situation and maintained good communication through social media.

‍

To withstand a sustained attack volume of roughly 12,500 requests per second, CBSE would surely need more than one security control implemented on its infrastructure. In all probability, rate limiting was the primary reason it could sustain this attack volume by limiting the requests from an IP or client over a certain period of time and automatically aborting requests from systems sending automated data. This, coupled with perhaps load balancing, will distribute the attack across several systems, none of which will have become bottlenecks. Finally, it is possible that traffic could have also been routed via a Content Delivery System (CDN) or dedicated DDoS mitigation service capable of detecting and cleaning requests of malicious code before they even reach the origin servers.

‍

Technical Recommendations

‍

It is not sustainable for India's exam infrastructure to continue operating in a post-breach, patching-in mode forever. The systems need to embrace Privacy By Design (PBD) as an integral part of their DNA. Here are suggestions for short-term hardening and long-term resilience:

1. Deploy a zero-trust file access architecture: Each request to access any file should be authenticated, authorized using role-based access control (RBAC), and logged in an immutable audit trail. Direct access to file paths should not be permissible; rather, pre-signed, time-limited tokens are recommended to control file access.
2. Implement a multi-layered DDoS mitigation architecture: A combination of network edge traffic scrubbing (CDNs & DDoS mitigation services) along with rate limiting at the application layer via WAF is necessary. An Anycast-based multi-PoP architecture and pre-provisioning scrubbing capacity may further increase resiliency
3. Conduct pre-launch penetration testing and red teaming exercises: Penetration testing with OWASP Top 10 audits, API security reviews, and load-based penetration testing should be conducted by CERT-In empanelled auditors prior to the launch of the examination. The red team exercise should simulate blended DoS and file-probing attacks.
4. Secure Payments: The secure payment surface should support PCI-DSS Level 1 certified payments and tokenisation and employ velocity checks against automated abuse and support 3D Secure 2.0 (3DS2) on card payments.
5. Implement SOC: Security operations centers (SOCs) should have real-time access to CERT-In threat feeds and ISAC intelligence, allowing them to act quickly on emerging attack vectors before anything malicious can be exploited.
6. Encryption: Students' data should be encrypted with AES-256; keys should be stored separately in a Hardware Security Module (HSM) system and not co-located with the data storage system. Student data must also support the data minimisation principle, while storing it should be encrypted with AES-256 and keys should be stored securely in HSM.
7. Monitoring: 24/7 SOC monitoring, ongoing vulnerability scanning on all pipelines, anomalous detection baselining, and frequent tabletop exercises for cyber resilience at 24x7 and post-examination activities.

‍

Beyond the Breach: Governance, Accountability, and the Growing Cyber Threat to India's Education Sector

‍

The CBSE attack is merely one example of a wider truth, a truth that extends beyond an isolated security event and highlights security as not only an issue of governance but of national security. Although it was during a period in which there was considerable change in leadership within the CBSE (some officials had been removed from their positions), and although it may be impossible to prevent administrative change, security vulnerability is an inherent risk when it cannot be ensured that the new incumbents have had knowledge transferred from the previous administration in terms of system design, vendor management, configuration, and incident response procedures. It has become apparent that a requirement for digital system governance must be considered to be just as serious a requirement as an academic and administrative governance requirement.

The attack is also indicative of a wider problem, and in 2025 there were in excess of 265 million cyber-attacks, and increasingly, critical infrastructure is being attacked by all manner of actors, including criminals, hacktivists, and state-sponsored groups. Educational institutions offer a prime target due to the amount of personal data held within their systems and the historically low security investment they tend to have. Worldwide trends that support the similar narrative of "data of immense value protected by under-resourced programs" (universities hit by ransomware and mass student data breaches included) are being constantly illustrated. For an examining body of tens of millions of students, cybersecurity cannot be an afterthought and needs to be clearly addressed within the governance and risk-management framework of the institution and, therefore, become a fundamental pillar of public trust.

‍

Conclusion

‍

The June 2026 cyberattack on the CBSE's OSM portal both illustrated the advancing capabilities of today's threat actors and highlighted the critical role cyber resilience must play in India's education sector. A high-volume DoS attack combined with over 100,000 file access attempts indicates a concerted and strategic operation both for disruption and the opportunity for data theft. Though the CBSE's infrastructure did hold, the attack should not offer comfort. Educational institutions are responsible for a significant amount of sensitive personal data, and they are major targets to state-sponsored and financially motivated attackers. Attacks are bound to continue. It is essential that cybersecurity become a fundamental pillar of the governance and trustworthiness of education and not a technical afterthought.

‍

References

‍

1. CBSE Official Statement on Cyberattack, X (formerly Twitter), @cbseindia29, June 2, 2026.
2. Indian Express, "CBSE OSM Row: Portal attack was a 'coordinated, two-pronged operation' says cybersecurity expert," June 3, 2026.
3. Srinivas L, Joint MD & Joint CEO, 63SATS Cybertech (subsidiary of 63 moons technologies limited), was quoted in Indian Express, June 3, 2026.
4. The Federal, "CBSE re-evaluation portal faces cyberattack, records 1.5 million hits in two minutes," June 2, 2026. https://thefederal.com
5. CERT-In (Indian Computer Emergency Response Team), Empanelled Security Auditor Framework. https://www.cert-in.org.in
6. OWASP Top 10 Web Application Security Risks, 2021 edition. https://owasp.org/www-project-top-ten/
7. National Institute of Standards and Technology (NIST), Zero Trust Architecture (SP 800-207), August 2020. https://doi.org/10.6028/NIST.SP.800-207
8. Indian Express, "What CBSE ignored: Its own panel found glitches in dry run, said delay OSM by a year," June 3, 2026.
9. Asianet Newsable, "CBSE Class 12 re-evaluation portal withstands major DoS cyberattack," June 2, 2026. https://newsable.asianetnews.com

Introduction

‍

Imagine a scenario where a call is received by a senior citizen. The phone rings, he picks up. On the other side of the line is a polite and seemingly genuine bank official who informs him that his bank account has somehow been jeopardised and that he should quickly move his money to a safer escrow account right away. Or another situation where a police officer ends up threatening a senior citizen over a video call and places him under a digital arrest, pressuring him to pay up money in order to be set free. 

‍

This is not the storyline of a heist movie. This is the frightening new digital reality of millions of elderly people living all over the world. 

‍

Cybercrime against senior citizens has surged dramatically over the last few years. The year 2023 witnessed people (aged 60 and above), who submitted more than 101,000 complaints to the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Centre (IC3) in the United States. The total losses reached approximately 3.4 billion dollars, which reflected an increase of 11% in comparison to the previous year. Tech-support scams, investment frauds, government impersonation schemes, etc., have been some of the most recent and significant risks to the financial security of senior citizens.

‍

This sharp increase in cyber fraud that has been targeting the seniors has shocked everyone, from the authorities to families. From phishing emails to fake customer care numbers to various digital payment scams, cyber criminals have deliberately been exploiting the senior population. They have repeatedly displayed the ability to wipe out a senior’s entire lifetime of savings in just a matter of minutes. The rise in cyber scams has been so alarming that even the Supreme Court of India expressed a deep concern over an estimated 3,000 crore rupees that was lost due to digital arrest scams.

‍

Behind these statistics, there have been several individual cases that have revealed the true reality and the personal impact of such scams. The scale of this threat was clearly illustrated when, reportedly, an 86-year-old woman from Mumbai lost 20 crore rupees in a well-planned digital arrest scam in a timeline of 3-4 months between December 2024 and March 2025. In other real-life instances, in December 2025, multiple senior citizens from Hyderabad and Delhi were manipulated into transferring tens of lakhs under the false implication of undergoing a legal action.

‍

This blog aims to focus specifically on the ways and means of:

• How cybercriminals operate against senior citizens, 
• The most typical online scams that target seniors and
• How to quickly identify them.

‍

Revealing the Insides of the Scammer’s Playbook: How They Operate, Trick and Steal

‍

• Picking out the prey: Fraudsters use classified information from various leaked online databases, social media profiles, online images, phone directories and in some instances, even obituaries, to build comprehensive lists of potential and vulnerable senior citizen targets. It may be shocking to know that these scammers could already be aware of your age, bank, city and the details of your family members. 

‍

• Masquerading and trust theatrics: Scammers pose as authoritative figures such as bank officers, RBI (Reserve Bank of India) or tax officials, telecom staff, Microsoft or Apple tech support, CBI (Central Bureau of Investigation), ED (Enforcement Directorate) and even judges. They further support this spectacle by creating professional emails, logos, illegal websites and forged notices. Caller IDs can be spoofed and can even appear in the name of a trusted bank or a government helpline. In digital arrest scams, scammers may build a fake courtroom or police station to showcase their authority and authenticity over video calls. 

‍

• Tugging at emotions and pulling the strings of fear: Cyber fraudsters rarely rely on logic as the basis. Instead, they attack emotions. They may make statements such as: ‘your account is being used for money laundering, you may be arrested today’, thus creating feelings of fear and panic in the mind of the targeted individual. ‘You’ve won a lottery!’, another example that appeals to the emotions of greed and excitement, or ‘Grandma, I’ve been in an accident; please send money and don’t tell anyone’, a classic example that preys on the emotions of love, urgency and concern. 

‍

There are more such illustrations: ‘Once in a lifetime investment opportunity’, ‘verify your details in the next 10 minutes or else your account will be frozen, ‘your computer has been hacked; only our technical team can fix it’, and the list goes on.

‍

• The final grab: Cash, Credentials and Control: After all that pretending and emotional manipulation, cyber criminals make their last and final move that essentially closes the deal. They may ask for OTPs (one-time passwords), internet banking credentials, or remote access via screen sharing mode. In other cases, they may pressurise their victims into making direct UPI (Unified Payments Interface) transfers, RTGS (Real-time Gross Settlement) / NEFT (National Electronic Funds Transfer) transfers and payment in the form of gift cards, vouchers or cryptocurrency. This marks the extraction phase. This is the moment where access and control is attained by the fraudster. After this, financial accounts, sensitive information, data, etc., can all be quickly drained, beyond any chance of recovery. 

‍

Unveiling the Cyber Scam Spectrum

‍

Below are some of the most commonly deployed online scams that are targeted towards the senior citizens of the present day.

‍

1. Imposters in Power: Impersonation scams, on a global level, have proved to be one of the fastest-growing and costliest frauds that occur against seniors. The scammers feign and impersonate officials from banks, income tax departments or even big companies such as Amazon. They would generally warn you about a failed KYC (Know Your Customer) update, your account being blocked or a legal violation. The victim is basically caught off-guard and is forced to share crucial details such as login credentials and OTPs. 

‍

2. The Digital Arrest Scam: From Call to Con: Lately, digital arrest has become one of the most terrifying scams that senior citizens have had to face. Seniors receive a voice call or a video call from someone who claims to be a police officer or a CBI/ED officer. Then, in a strict and authoritative tone, they make false claims about how the elderly’s Aadhaar, PAN (Permanent Account Number) or phone details have come under scrutiny for being linked to serious crimes such as drug trafficking, money laundering and terrorism. They threaten the elderly that they could be put under immediate arrest, their property could be seized, or they could be publicly humiliated. Once they have established fear, they then go on to show fake documents or court orders to corroborate their assertions. 

‍

Thereafter, the senior citizen is informed that he or she has been placed under a digital house arrest. They force the victim to stay on the video call, sometimes for hours and days, ask them to follow certain instructions and repeatedly warn them not to communicate with anyone else. Scammers further exploit the fear of being jailed or the fear of legal action, and gradually extract huge sums of money from the victim. In some cases, this scam can unfold and continue over an extended timeline spanning several months. 

‍

3. Tech Support Hoax: When Help turns Hostile: As per the FBI and other multiple security analyses, tech support scams are the most commonly reported senior citizen-related frauds in the US. 

‍

A pop-up may appear on the elderly’s screen stating that: ‘your computer is infected, call this number now’. Or they might receive a call from a person posing as a tech support person from either Microsoft, Apple, a bank’s IT team or as an internet service provider. He then goes on to guide the elderly to install certain remote access software or to grant screen control access to fix the issue. Once they gain access, they pretend to find some serious infection in the user’s system or they talk about how the speed of the internet is slow and that it needs to be fixed. As a result, they quietly steal passwords, introduce malware into perfectly healthy systems, lock user access and demand ransom in return.

‍

4. Payment App Scams: Phishing, Deadly Links and OTP Snares: Phishing as a cyber scam tactic sits at the heart of many payment app scams that target senior citizens. It may begin with a harmless SMS, an email or a WhatsApp alert. These correspondences may look like they have been received from a trusted bank or a familiar online payment platform.

‍

The messages are engineered in a way that aim at grabbing attention and trigger a feeling of panic and pressure. They push the elderly users who spring into action without any caution or thought. The victim may be urged to click a link, coupled with warnings of a blocked account, a failed transaction, a failed delivery or a KYC update. The message may also ask the user to ‘verify’ certain account details. They send urgent payment links that put pressure on the senior citizen to act immediately and transfer the said amount of money. 

‍

There are also instances where an SMS or WhatsApp link may claim to offer some kind of discount or reward only if the user enters his or her card details, UPI pin or OTP. This is an extremely dangerous scenario. If these details are given away, scammers acquire access to the user’s bank account. 

‍

5. Family in Crisis: Staging Fake Emergencies: These cyber-enabled scams, also known as ‘grandparent scams’, specifically target senior citizens by impersonating their kin and creating a fake impression of them being in some kind of trouble. With the help of methods such as AI (Artificial Intelligence) voice cloning, fraudsters mimic the voice of a grandchild or a family member (which they originally obtain from social media posts or videos), making their deception tactics extremely believable. The caller may claim to be in an accident or could say they have been arrested or are stranded somewhere. They may plead with the senior citizen to make an immediate payment. 

‍

In order to avoid cross verification of their fraudulent claims, they may insist on maintaining secrecy and brainwash their victim to not inform other family members of their made-up dilemma. 

‍

6. Fraudulent Friendships and Hijacked Hearts: For many senior citizens who live alone and in the absence of family and support systems, isolation becomes a vulnerability that is very hard to overcome. Fraudsters, who closely monitor such individuals, wait to seize any opportunity to use this weakness as a gateway to carry out their deceptive schemes. 

‍

‘Companionship scams’ and ‘romance scams’ are slowly turning into a serious problem among older adults. Cyber criminals befriend or connect with older adults on social networking, matrimonial and dating apps under false pretences. As time goes by, sometimes over weeks or months, these scammers work on building emotional intimacy and trust. Once this is accomplished, they then start making requests for money. These requests can be for (fake) medical emergencies, visas, travel tickets or business deals. Sadly, victims, who are already deeply invested emotionally, end up making these money transfers, sometimes losing their lifetime savings in the process. 

‍

In some cases, when things go too far, intimate photos or private conversations are later used by cyber fraudsters for sextortion. They threaten to leak these personal materials unless the victim pays money, further adding elements of fear and pressure to an already manipulative situation.

‍

7. Fraud in the name of Health and Benefits: For most senior citizens, their daily life depends on access to basic healthcare, uninterrupted pensions and government benefits. These systems are put in place to provide not just for the seniors’ financial stability, but also to ensure their peace of mind. 

‍

Conversely, fraudsters exploit this dependability. Fake medical offers, insurance plans, benefit claims and pension enhancement schemes, etc., are some of the methods that are being used to defraud the seniors. Scammers offer free medical equipment or health checkups in exchange for personal information related to banking and finances. 

‍

Another dangerous facet of these scams is ‘counterfeit medications’. These are sold under false claims and big promises and are advertised in a manner that tempts seniors to go for it. These fake medicines not only lead to loss of money but also gravely impact the elderly’s health. 

‍

Spot the Scam: Tips to Identify Early Warning Signs before the Scam Unfolds

‍

Cyber criminals are clever, creative and notorious, but their tricks come with familiar warning signs. Timely recognition of these signs can save senior citizens from falling into the scammer’s trap. Some of the most common and apparent warning signs are discussed below:

‍

• Don’t think fast, think twice! The urgency ploy: Cyber criminals thrive on creating a situation of panic and urgency. In instances where a senior citizen feels that he or she is being pushed towards rushed choices, it is better to take a step back to pause and think. Any unreasonable demand to act ‘immediately’ or within minutes, especially when it involves a transfer of money or confidential information, is very likely to be a scam. Not giving in to this hasty push can save the individual from getting tangled in the scammer’s web of lies.

‍

• Scammer’s best friend: Secrecy and silence: First comes the urgency, and then comes the demand to stay silent. Scammers strategically cite and invent so-called ‘security reasons’ and instruct their elderly victims not to inform their bank, friends or family of their situation. This secrecy prevents verification and keeps the victim trapped. Recognising this forced isolation can stop a cybercrime before it escalates and gets out of hand.

‍

• Red flag! When the deal sounds unreal: Scammers lure elderly victims with extraordinary offers and deals. Lottery wins, miracle investment returns, massive discounts or exclusive time-bound rewards are a few examples. These larger-than-life promises are designed in a manner that clouds an elderly person’s sound judgment. Therefore, if an offer feels too good to be true and unlike anything anyone’s ever heard before, then that’s the time to pause and take a step back. In almost all such cases, these unbelievable deals are simply a bait for a looming scam. 

‍

• Beware! They want your access codes: Senior citizens need to exercise extra caution when it comes to handing out their personal access codes. No legitimate bank, government office or reputable company will directly ask for OTPs, PINs or full passwords over calls or messaging apps. If someone asks for such details, it is an indication that a fraud may be imminent. 

‍

• Don’t pay just yet! Dubious payment gambits: If demands for payments are made in the form of gift cards, cryptocurrency or wire transfers to personal or unknown accounts, it is most definitely a scam. Scammers use these unconventional payment methods to avoid traceability. This strategy allows them to easily disappear with the victim’s funds, which in turn makes recovery of the stolen money nearly impossible.

‍

• Threats and intimidation over a phone call: Hang up! It’s a scam: It is important to understand that legitimate police and court proceedings do not take place over calls or messaging apps. Genuine officials will never demand or negotiate fines, legal payments or bail online. If someone uses the intimidation ploy on a senior citizen and threatens him with legal trouble or police action unless some money is paid, then that’s a clear warning sign of a cyber scam. 

‍

Empowered, not Exploited: When Knowledge Becomes the Best Defence

‍

Cyber scams targeting senior citizens are a deliberate and very well-orchestrated industry that thrives on uncertainty, ignorance and fear. The call of the moment is for the elderly and their families to turn awareness into armour. Knowledge about how scammers operate, how they steal, and the techniques they employ can prepare and empower our seniors to protect themselves in such critical situations. The early warning signs mentioned above are more than just mere cautions. They should be taken as ‘cues’ to ‘pause, reflect and re-check’. Being wary of unsolicited communication, safeguarding financial information, double-checking hurried correspondences, etc., can nip a scam in the bud before it plays out. Most importantly, digital safety for the senior citizens is a unified and collaborative responsibility that every responsible individual of the society needs to undertake. 

‍

References

‍

• https://frontline.thehindu.com/social-issues/ai-deepfake-digital-arrest-scams-india-cybercrime/article70587955.ece
• https://www.ic3.gov/annualreport/reports/2023_ic3elderfraudreport.pdf
• https://www.thehindu.com/news/national/supreme-court-shocked-over-3000-crore-loss-in-digital-arrest-scams/article70235621.ece
• https://www.thehindu.com/news/cities/mumbai/elderly-woman-loses-20-crore-to-digital-arrest-fraud-3-held/article69353437.ece
• https://timesofindia.indiatimes.com/city/hyderabad/three-senior-citizens-duped-of-rs-1-7cr-in-digital-arrest-scam-spree/articleshow/125876194.cms
• https://www.aninews.in/news/national/general-news/82-year-old-senior-citizen-digitally-arrested-and-cheated-of-rs-116-crore-cyber-cell-arrests-three-key-members-of-syndicate20251213145528/
• https://crr.bc.edu/preventing-cyber-scams-that-target-seniors/
• https://dos.ny.gov/scams-targeting-older-adults
• https://indianexpress.com/article/cities/chandigarh/victims-in-8-of-top-10-digital-arrest-scams-in-chandigarh-are-senior-citizens-data-reveals-10444252/
• https://www.seniorliving.org/research/common-elderly-scams/
• https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2025/08/false-alarm-real-scam-how-scammers-are-stealing-older-adults-life-savings
• https://www.psca.org/news/psca-news/2025/8/scams-against-seniors-increasing-dramatically-ftc-warns/
• https://www.pcmatic.com/blog/the-rising-threat-of-elder-fraud-insights-from-ic3s-2023-report/?srsltid=AfmBOorC069NIYFwFO0W56nPcg_K0Wfv_oq0V-MI7fImI5ityAUrQTO9
• https://www.quickheal.co.in/knowledge-centre/guarding-our-elders-a-comprehensive-report-on-the-elder-fraud-epidemic-in-india/?srsltid=AfmBOorviPvoRuecjsOtAfVxyQEJF2vyICnr15GqbDfP1m3UXAnXndMw
• https://www.ncoa.org/article/top-5-financial-scams-targeting-older-adults/
• https://www.uchealth.org/today/elder-fraud-is-rising-and-it-is-hurting-more-than-just-finances/
• https://centerlighthealthcare.org/protecting-yourself-online-recognizing-and-avoiding-online-scams/

‍