Over the past eighteen months, the FBI's Internet Crime Complaint Center (IC3) has issued a steady drumbeat of public service announcements warning Americans — and Indian-American households in particular — about a scam choreography known as the ‘digital arrest’. A WhatsApp video call rings in. On the other end sits a man in what looks like an FBI, DEA, or ICE uniform, sometimes with a police seal behind him. He tells the victim that a parcel in their name has been intercepted with narcotics, that their Aadhaar or Social Security number is linked to money laundering, or that an arrest warrant has been issued. The victim is ordered to stay on camera, ‘under digital arrest’, until they wire funds to a ‘verification account’. The whole thing is theatre. None of it is legal. And it works.
According to the IC3's 2024 Internet Crime Report, released in March 2025, government-impersonation fraud generated reported losses exceeding $400 million in a single year, making it one of the costliest scam categories the Bureau tracks. The real number is almost certainly higher: shame keeps victims silent, and elderly first-generation immigrants — often unfamiliar with how US federal agencies actually contact citizens (they don't, over WhatsApp) — are disproportionately reluctant to file complaints.
A cross-border crime, run on commodity tools
The digital-arrest playbook was perfected in India, where the Indian Cyber Crime Coordination Centre (I4C) flagged it as one of the country's fastest-growing fraud typologies in 2024, and where Prime Minister Narendra Modi devoted part of his October 2024 Mann Ki Baat address to warning citizens that “no investigating agency ever conducts an inquiry over a phone or video call.” The scam has since followed the diaspora. Indian-American communities — many of whom maintain WhatsApp as their primary family-communication tool — became natural targets, with fraud rings in Indian metros calling US numbers and switching seamlessly between Hindi, Tamil, Telugu and English.
The infrastructure is mundane. A VoIP number that spoofs a 202 area code. A WhatsApp account registered to a burner SIM. A PDF of a forged FBI letterhead. A bank mule somewhere in the chain. None of this requires sophisticated technology, and none of it is unique to encrypted messengers — variations of the same scam run over Telegram, Signal, ordinary phone calls, and Zoom.
The wrong policy reflex
Whenever a fraud wave touches an end-to-end encrypted platform, the predictable response from a subset of policymakers is to blame the encryption. We have seen versions of this argument deployed in the UK's Online Safety Act debates, in the EU's ‘Chat Control’ proposals, and intermittently in the US around the EARN IT Act. The logic: if Meta could read WhatsApp messages, law enforcement could intercept the scammers in flagrante.
This is the wrong diagnosis. Digital-arrest scams are loud, not stealthy. The victim is on a live video call with the fraudster; the fraudster wants to be heard and seen. The evidentiary problem is not that the conversation is encrypted — victims can and do hand over screen recordings — but that the perpetrator is in another jurisdiction, the proceeds are routed through layered mule accounts, and mutual legal assistance between the US and India can take months. Weakening end-to-end encryption for two billion WhatsApp users worldwide would do nothing to shorten an MLAT request. It would, however, expose the same vulnerable elders to a far worse class of harm: account takeovers, stalkerware, and state-level surveillance abuses of the kind documented by groups like the EFF and Access Now in their ongoing work on platform security (see EFF's continuing critique of overbroad ‘border security’ surveillance bills such as Canada's Bill C-22).
What proportionate enforcement looks like
The good news is that the tools to bend the curve already exist, and most of them are unglamorous:
- In-app friction at the point of harm. WhatsApp has rolled out features warning users about calls from unknown international numbers and now silences such calls by default. Meta should be pushed — by the FTC and by user pressure, not by mandate — to expand contextual warnings when video calls feature uniforms, badges, or government seals, and to make ‘report and block’ one tap from the call screen.
- Cross-border police cooperation. The 2024 FBI-CBI takedown of a Noida-based call-centre ring that allegedly defrauded US victims of tens of millions of dollars showed what is possible when liaison officers, not legislation, do the heavy lifting. More embedded FBI legal-attaché capacity in New Delhi, and reciprocal Indian secondments in DC, would do more than any encryption mandate.
- Financial-rail interventions. The choke point in every digital-arrest scam is the wire transfer or crypto off-ramp. FinCEN's existing Section 314(b) information-sharing framework, combined with real-time fraud-pattern detection at the bank layer, is where the money — and the cases — can actually be stopped.
- Targeted public education. The IC3 PSAs are excellent but reach the wrong audiences. State attorneys general and community organisations should fund in-language outreach (Hindi, Tamil, Telugu, Gujarati, Mandarin) on the platforms older immigrants actually use, including WhatsApp itself.
The bigger lesson
Digital-arrest fraud is a reminder that the costliest online harms in 2026 are not novel AI-generated deepfake catastrophes — they are old-fashioned confidence scams running on new pipes. The right response is to harden the pipes where it is cheap (default-off unknown-number calls, transaction-level friction at banks) and to invest in the slow, expensive work of cross-border policing. The wrong response is to demand a structural redesign of secure messaging in the hope that it will somehow inconvenience criminals who are, by their own admission, performing on camera.
Encryption is not the scammer's friend. Impunity is. Policymakers who confuse the two will end up with worse fraud and worse privacy.