The FBI's Internet Crime Complaint Center (IC3) released its 2024 Internet Crime Report in April 2025, and one storyline cuts through the usual ransomware-and-BEC headlines: a scam playbook borrowed from India is now running at scale on American grandparents. Fraudsters posing as FBI, DEA, Customs and Border Protection or local police agents are calling US victims, moving them onto WhatsApp video calls in fake 'uniforms', and holding them in a digital interrogation room until they wire their savings. The IC3 attributes more than $400 million in 2024 losses to government-impersonation schemes alone, with the over-60 cohort and the Indian-American diaspora bearing a disproportionate share of the damage.
The instinct in Washington — and on Capitol Hill where messaging encryption is a perennial punching bag — will be to blame WhatsApp. That instinct should be resisted. The vulnerability here is not the cryptography of the app; it is the social engineering of the human. Confusing those two will produce bad policy, weaker security for every other user, and almost no reduction in fraud.
What the IC3 Report Actually Shows
The 2024 IC3 report logged roughly $16 billion in reported losses across all complaint categories, the highest in the program's history. Inside that total, the FBI separately flagged two related categories that have exploded year-over-year:
- Government-impersonation fraud, in which a caller claims to be a federal agent and threatens arrest unless the target 'verifies' funds.
- 'Phantom hacker' scams — a layered tech-support-plus-government-impersonation pipeline the FBI first warned about in a September 2023 public service announcement (PSA I-091923-PSA).
What is newer in the 2024 data is the operational template. Indian regulators have spent eighteen months sounding the alarm about so-called 'digital arrests' — extended WhatsApp video calls in which victims are held on the line, told they are under house arrest, and walked through wire transfers. Prime Minister Narendra Modi devoted a segment of his October 2024 Mann Ki Baat broadcast to the scam. Indian law-enforcement agencies, including the Central Bureau of Investigation through its Operation Chakra series, have repeatedly raided call centres running these scripts. The IC3 numbers suggest those same scripts — and in many cases the same operators — are now being aimed at the United States.
Why Diaspora Communities Are in the Crosshairs
The Indian-American skew in the FBI data is not a coincidence. Indian-Americans are heavy WhatsApp users (Meta has long described the US Indian community as one of the platform's most engaged English-language audiences), they frequently move money between India and the US, and they often have plausible reasons to take an unexpected call about a 'customs parcel' or 'PAN card violation.' A fluent Hindi-speaking caller flashing a doctored FBI ID over video is, for a 72-year-old retiree in New Jersey, simply harder to dismiss than a robocall in broken English.
The same logic explains why elderly victims dominate the loss column. The FBI's 2024 Elder Fraud Report has consistently shown that adults 60 and older account for the largest absolute losses in IC3 data, even when they are not the largest share of complaints.
The Wrong Policy Reflex: Breaking Encryption
Every time a high-profile scam migrates onto an encrypted platform, the same proposal resurfaces: require message-scanning, weaken end-to-end encryption, or mandate 'lawful access' backdoors. It would not stop digital-arrest fraud. These scams are conducted on video calls initiated by the criminal; the victim consents to join. Law enforcement does not need to read the ciphertext — it needs the metadata, the originating numbers, the money trail, and a counterpart in Delhi or Dubai willing to knock on the call centre's door. Each of those is already legally available through MLAT requests, platform abuse reports, and existing wire-fraud authorities.
Weakening WhatsApp's encryption, by contrast, would degrade security for the journalists, dissidents, small businesses and ordinary Americans whose threat model is not a fake FBI agent but a real data breach. That is a bad trade.
What Proportionate Policy Looks Like
A serious US response should focus on four levers — none of which require touching encryption.
1. Fund the IC3 and the takedown pipeline
The IC3 is the country's central fraud-reporting nerve. It remains chronically under-resourced relative to the volume it processes. Congressional appropriators should match the FBI's published loss numbers with proportionate staffing for the IC3's Recovery Asset Team, which has a track record of clawing back wire-fraud transfers when notified within hours.
2. Deepen US–India law-enforcement cooperation
Most of these call centres are not in the US. The Department of Justice and the Indian Ministry of Home Affairs already cooperate on cybercrime through the existing MLAT framework and the I4C (Indian Cyber Crime Coordination Centre). That channel should be widened, fast-tracked for impersonation cases, and matched with joint takedown operations modelled on Operation Chakra.
3. Encourage in-app friction, not in-app surveillance
WhatsApp has rolled out unknown-caller silencing, scam-warning banners, and the option to block international numbers by default. These are exactly the right interventions: they raise the cost of the scam without touching message content. Regulators can encourage Meta and other platforms to ship more of this safety-by-design — for example, a default friction prompt the first time an unknown international number initiates a video call — without legislating the cryptography out of the product.
4. Targeted public education through trusted channels
The FBI, AARP, and community organisations serving the Indian-American diaspora should be funded to run language-appropriate awareness campaigns. The single most effective message — 'no US federal agency will ever arrest you over WhatsApp' — costs almost nothing to broadcast and demonstrably works.
The Bottom Line
The digital-arrest scam is a human-engineering crime wearing a tech costume. The right response is the unglamorous one: better policing, better cross-border cooperation, smarter in-app friction, and clearer public messaging. America does not need a new internet law to stop this. It needs to fund the tools it already has — and to resist the temptation to break the encryption that protects every other user on the network.