9,400 accounts linked to digital arrest fraud cases removed: WhatsApp to SC

Centre tells SC coordinated push spans scam networks, SIM controls, and AI-led detection

The Supreme Court of India (SC) has been informed that Meta’s messaging platform WhatsApp removed 9,400 accounts linked to “digital arrest” fraud and impersonation of law enforcement officers following a targeted investigation initiated in January 2026.

 

The details were placed on record through a status report filed by Attorney General for India R Venkataramani on behalf of the Indian Cybercrime Coordination Centre under the Ministry of Home Affairs. The filing forms part of ongoing suo motu proceedings addressing the rise of digital arrest scams involving forged documents and coercive tactics.

 

The report states that multiple stakeholders, including telecommunications operators, online platforms, and financial regulators, have begun coordinated interventions following directions issued by the court on February 9. These measures include faster blocking of suspicious SIM cards, development of biometric identity verification frameworks, and enhanced safeguards at the platform level.

 

 

In a communication to an inter-departmental committee constituted pursuant to court directions, WhatsApp outlined a structured, multi-week probe focused specifically on scam networks targeting Indian users.

 

The exercise involved identifying initial indicators, mapping linked accounts, taking enforcement action across entire networks, and building automated systems to prevent recurrence. This process resulted in 9,400 accounts being disabled for involvement in digital arrest and law enforcement impersonation schemes.

 

The platform indicated that its action extended beyond government takedown inputs. Of roughly 3,800 accounts flagged under Section 79 of the Information Technology (IT) Act, 2000, only a small fraction was directly tied to digital arrest fraud. However, deeper analysis enabled the identification of broader, interconnected networks, significantly expanding the scope of enforcement.

 

Section 79 of the IT Act provides “safe harbour” protection to intermediaries — social media platforms, websites, and internet service providers — from legal liability for user-generated third-party content, provided they act as neutral hosts, observe due diligence, and remove unlawful content upon receiving actual knowledge or government orders.

 

According to the submission, a large number of such scams originate from organised setups in Southeast Asia, particularly Cambodia. These operations typically function through clusters of accounts exhibiting common patterns, including similar names, reused images, and coordinated activity across groups.

 

To counter such behaviour, WhatsApp has deployed automated tools capable of detecting misuse of official logos and insignia in profile images, along with large language model-based systems designed to flag impersonation patterns. It has also begun recording display names of reported accounts from January 2026 to improve detection capabilities.

 

A database of known impersonation assets, covering profile photos, names, and descriptions, is being used to identify repeat offenders.

 

User protection measures have also been strengthened. These include alerts for messages from unknown contacts, visibility into account age, suppression of profile photos linked to suspicious numbers, and real-time detection systems during interactions.

 

The platform further indicated that it is working towards implementing SIM-binding requirements in line with a Department of Telecommunications (DoT) directive issued on November 28, 2025, with rollout expected in four to six months. Device-based risk detection systems are already operational, and the possibility of blocking device identifiers linked to fraud is under consideration.

 

On data retention, the platform has agreed to preserve records of deleted accounts for a minimum of 180 days in compliance with Rule 3(1)(h) of the IT Rules, 2021, to support investigative agencies. It is also examining additional safeguards, including detection of malicious APK files and measures to address prolonged scam calls.

 

Separately, the report notes that DoT is working on notifying the proposed Telecommunications (User Identification) Rules, alongside a biometric identity verification system aimed at enabling nationwide tracking of SIM issuance. The framework is expected to be notified within three months and implemented over the following six months, with full deployment anticipated before December 2026.

 

An inter-departmental committee meeting held on March 12, 2026, under the chairmanship of the special secretary (internal security), reviewed the misuse of telecommunications (telecom) infrastructure in such frauds.

 

Telecom service providers have been directed to strengthen subscriber verification processes, improve traceability of point-of-sale agents, and deploy AI-driven tools to detect suspicious calling and SIM usage patterns within three months. The feasibility of reducing the time taken to block suspicious SIM cards to two to three hours was also examined, given that many frauds occur shortly after activation.