For roughly two years, a peculiarly cinematic fraud has moved from Indian living rooms into American ones. A WhatsApp video call lights up. On screen sits a uniformed figure — sometimes 'CBI', sometimes 'Mumbai Police', sometimes a 'US Customs officer' with a star-spangled backdrop. The victim is told a parcel in their name has been intercepted with narcotics, or that their Social Security Number is implicated in a money-laundering case. They are placed under 'digital arrest' — ordered to stay on camera, not speak to anyone, and wire funds to a 'verification account' until the matter is cleared.
It is theater. It is also one of the fastest-growing cross-border consumer frauds targeting the United States, and Indian-Americans have been disproportionately hit. The policy question is no longer whether this is a problem. It is whether Washington and New Delhi respond with the right tools.
The shape of the threat
The FBI's Internet Crime Complaint Center (IC3) has been tracking government-impersonation fraud for years, but the modern playbook crystallized in its September 2023 Phantom Hacker advisory, which described a multi-stage scam in which fake tech-support agents hand victims off to fake bank officials and then to fake federal officers. IC3's most recent annual reports describe tech-support and government-impersonation losses running into the billions, with older Americans bearing the largest per-victim losses.
The Indian variant — the 'digital arrest' — fuses that script with a live video call and a uniform. Prime Minister Narendra Modi devoted a segment of his Mann Ki Baat address in October 2024 to warning citizens that 'no investigative agency in India interrogates anyone through video calls.' India's Ministry of Home Affairs, through the Indian Cyber Crime Coordination Centre (I4C), has since issued repeated directives to Meta to disable WhatsApp accounts linked to these operations, with Indian government communications referencing hundreds of thousands of accounts actioned.
The Central Bureau of Investigation launched Operation Chakra-III in October 2024, the third tranche of an ongoing cross-border cybercrime sweep. Raids have hit call centers in Delhi-NCR, Hyderabad, and other hubs running scripts aimed at US, Canadian, UK and Indian victims. Coordination with the FBI, Interpol and counterparts in the Five Eyes is now standard practice; FBI–CBI cybercrime cooperation has become a recurring agenda item in US–India strategic dialogues.
Why platform-blame is the wrong reflex
The temptation in Washington — particularly as state attorneys general circle Meta on adjacent issues — will be to treat WhatsApp as the villain and demand structural changes: weakened end-to-end encryption, mandatory client-side scanning, or aggressive 'know-your-customer' rules for messaging accounts.
That instinct should be resisted. The harm here is real, but the diagnosis matters:
- The fraud is a social-engineering attack, not a cryptographic one. The victim hands over money because they believe a uniform on a screen. Breaking encryption would not prevent that conversation; it would simply expose every other WhatsApp user — including journalists, dissidents and businesses — to surveillance risk.
- Account-level enforcement already works. India's I4C–Meta channel demonstrates that targeted, evidence-based takedown requests can disable scam infrastructure at scale without rewriting the protocol. Meta's own transparency reporting describes proactive bans of millions of accounts for scam and platform-manipulation behavior.
- The supply side is in India, not in Menlo Park. Call centers, SIM-box operators, money-mule networks and crypto cash-out points are the choke points. Operation Chakra-III is correctly aimed at them.
What good US policy looks like
A proportionate response from US policymakers should focus on four things:
1. Resource the FBI's foreign-liaison capacity
FBI Legal Attachés in New Delhi and elsewhere are the single most important node in this chain. Congress should ensure IC3, the FBI Cyber Division, and the Department of Justice's Computer Crime and Intellectual Property Section are funded to keep pace with India's I4C, which has scaled rapidly.
2. Treat MLAT reform as a cyber priority
Mutual Legal Assistance Treaty requests between the US and India remain slow. A CLOUD Act executive agreement with India — long discussed, never concluded — would meaningfully accelerate evidence-sharing for fraud cases where speed determines whether mule accounts can be frozen.
3. Lean into platform partnership, not platform punishment
WhatsApp's in-app reporting, business-account verification, and scam-warning prompts are improving. Public–private signal-sharing — modeled on the Stop Scams UK coalition or the US National Cyber-Forensics and Training Alliance — would let banks, telcos and messaging providers correlate indicators faster than any regulator could mandate.
4. Invest in victim outreach in diaspora communities
Indian-American seniors, often comfortable with Hindi-, Telugu- or Tamil-language calls and respectful of authority figures, are a high-value target set. IC3 advisories in English alone will not reach them. State-level consumer protection offices, FCC robocall outreach, and AARP-style campaigns should be funded for multilingual delivery.
The deeper point
Cross-border scams are a test of whether democracies can cooperate operationally at the speed of the criminals exploiting them. India is doing more than many critics give it credit for: Operation Chakra-III, I4C's takedown pipeline, and the Prime Minister's personal megaphone are serious signals. The US response should match that seriousness with prosecutorial capacity and treaty plumbing — not with messaging-platform mandates that would weaken security for hundreds of millions of lawful users to chase a fraud that thrives on human trust, not technical weakness.
The uniform on the screen is fake. The right answer is to arrest the people behind it, on both sides of the ocean. Everything else is theater of our own.