By Sugandha Mukherjee
It begins, often, with a familiar voice or logo. A bail demand from a police officer on a video call. A cashback link masquerading as Paytm. An email from a senior colleague (spoofed, of course) urgently asking for your Amazon Pay credentials. In India, digital scams don’t feel like crime. The country is not only fertile ground for fraud, it is also a testbed for its most scalable forms—multilingual, mobile-first, hyperlocal.
Now, the response is changing. In June, Google announced a new Cybersecurity Safety Alliance Charter, built specifically for India, its largest market outside the US. It’s not a product, but a framework that integrates artificial intelligence-led protections into Android, Chrome, and the Play Store to detect scams before users encounter them. The shift marks a move away from user responsibility, password managers, antivirus software, scam literacy, and toward something quieter which is an automatic protection. There are no apps to install, no toggles to switch.
Defence by design
At the heart of Google’s initiative is real-time fraud detection on Chrome, capable of scanning URLs as they’re clicked, flagging phishing attempts and blocking malicious redirects. The Play Store now applies tighter scrutiny to financial apps, especially loan providers, and new AI models are being deployed to identify deepfakes and synthetic media.
Google in its blogpost said that in 2024, UPI related frauds reportedly cost Indians over Rs 1,087 crore, and as per the industry estimation, Indian entities could lose up to Rs 20,000 crore to cybercrime in 2025 if left unchecked. To prevent and detect harmful and illegal content, Google has combined policies and built-in technological protections under the Digikavach programme. The campaign has been building user awareness and resilience against online fraud in India. It has raised awareness about common frauds and scams reaching 177 million users and counting.
Building on this impact and furthering the collaboration with the ministry of home affairs, Google has officially partnered with the Indian Cyber Crime Coordination Centre (I4C) to strengthen its efforts towards user awareness on cybercrimes, over the next couple of months in a phased approach. The company has also inaugurated Google Safety Engineering Centre (GSEC) India in Hyderabad on June 18. This is Google’s first in the Asia-Pacific region and fourth globally, and stands as the operational heart where safety charter’s strategic commitments transform into tangible solutions, uniquely amalgamating Google’s global expertise.
In May, Airtel introduced a network-wide AI fraud detection system that works in much the same way. By monitoring traffic across its mobile and broadband services, the system blocks access to suspicious links in real time, whether they arrive via WhatsApp, SMS, OTT platforms or browsers. In a limited rollout in Telangana, it intercepted over 180,000 malicious links, shielding more than 5.4 million users in just 25 days. Apple, too, has expanded Safari’s anti-fraud protections globally, using device-side intelligence to detect and block scam sites, especially those mimicking banks and e-commerce platforms.
India as petri dish
India presents a singular challenge. Its digital public infrastructure, from Aadhaar to UPI to ONDC, has made transactions seamless. But its user base, still expanding rapidly into rural and tier-2 regions, remains highly susceptible to impersonation, social engineering, and synthetic media. Scams are distributed on Telegram, executed over WhatsApp, and dressed up in familiar brand language.
That’s why Google’s India-first approach matters. Unlike in the West, where security is often opt-in, India demands protection as a default setting.
Even regulators are responding. The Reserve Bank of India’s latest annual report notes that a Digital Payments Intelligence Platform is under development to monitor and curb fraud using advanced analytics. It’s a nod to the changing nature of digital risk, more real-time, more ambient.
The increase in the amount involved in the total frauds reported during 2024-25 over 2023-24 was mainly due to removal of fraud classification in 122 cases amounting to Rs 18,674 crore reported during previous financial years.
What emerges across these initiatives is a shared ethos—safety should feel invisible. As attacks grow more AI-driven, detection must become ambient—baked into networks, operating systems, browsers, and databases.
For Indian users, it’s a shift in expectations. Where once vigilance was personal, protection is becoming infrastructural. You don’t need to recognise a scam to be spared from it. The browser will close the tab. The telecom network will halt the redirect. The app store won’t let the fake lender in.
But as these defences become more sophisticated, so too will the attacks. AI will enable more personalised impersonation, more believable deepfakes, more precise linguistic mimicry. The question ahead is not whether users can be trained to spot deception—but whether the systems they rely on can evolve faster than the fraud. In that race, India is no longer catching up—it may well be leading.
