Misinformation and Online Scam Statistics in India: 2026 Report

· Anuranjan Vikas · 7 min read
statisticsmisinformationscamsindiadata-breaches

India lost over Rs 22,000 crore to cybercrime in 2025 alone — a 24% spike over the previous year. With 535+ million WhatsApp users, billions of daily messages, and deepfake incidents growing 900% year-over-year, India is one of the most targeted countries in the world for online misinformation and digital fraud.

Misinformation Statistics

Most of India’s misinformation flows through one app: WhatsApp. And because of end-to-end encryption, nobody can moderate it at scale.

  • 535+ million Indians use WhatsApp — the largest user base of any country globally. That’s roughly 1 in 3 Indians on a single platform with end-to-end encryption, which makes content moderation nearly impossible.
  • Misinformation spreads 6x faster than accurate news on social media, according to a widely cited MIT study. False stories are 70% more likely to be retweeted than true ones.
  • Over 60% of Indian internet users have encountered fake news on WhatsApp, per surveys by the Internet and Mobile Association of India (IAMAI) and others.
  • Election misinformation surges 10x during campaign periods. India’s general elections consistently trigger massive spikes in fabricated claims, doctored images, and out-of-context videos.
  • Health misinformation caused real-world harm during COVID-19. The WHO labeled it an “infodemic” — and India was one of the worst-hit countries, with false remedies, vaccine conspiracies, and fabricated death counts circulating widely.
  • Over 100 billion messages are exchanged on WhatsApp daily worldwide. India accounts for a disproportionate share. Even a small percentage of those being misleading creates an enormous volume of misinformation.

Not sure whether something you saw is real? We wrote a practical guide to fact-checking news online that covers the methods that actually work.

Online Scam Statistics

The money being lost is staggering, and the recovery rate is basically nothing.

  • Rs 22,495 crore lost to cybercrime in 2025, with 28.15 lakh complaints registered — up from 22.68 lakh in 2024 (a 24% increase), per NCRB and government data.
  • Investment scams accounted for 75%+ of total losses. Fake stock tips, crypto schemes, and “guaranteed return” platforms are by far the biggest drain.
  • UPI fraud hit Rs 805 crore in the first 8 months of FY26 (April–November 2025), involving over 10.64 lakh incidents. In FY24, UPI frauds jumped 85% to 13.42 lakh cases and Rs 1,087 crore in losses.
  • Recovery rates are dismal — victims recovered just 6% of stolen funds during April–September 2025, even though 92% of complaints were addressed within 30 days.
  • “Digital arrest” scams emerged as the fastest-growing psychological fraud in 2025. Scammers impersonate police or government officials over video calls, pressuring victims into transferring money. These accounted for 9% of total cybercrime losses.
  • Common scam types include fake job offers, KYC update fraud, delivery notification scams, sextortion (4% of losses), and investment app fraud.
  • 1 in 5 UPI users reported experiencing a fraud attempt, per a LocalCircles survey — and 51% of victims didn’t report the incident at all.

Most of these scams follow recognizable patterns. Our WhatsApp scam guide breaks down exactly what to watch for.

Deepfake and AI-Generated Content Statistics

Two years ago, deepfakes were a curiosity. Now they’re a full-blown crisis.

  • Deepfake content is projected to grow 900% year-over-year, with files surging from 500,000 in 2023 to an estimated 8 million in 2025.
  • 65% of Indian organisations have already experienced deepfake-driven attacks, according to the 2026 Thales Data Threat Report. 55% report damage from AI-generated misinformation.
  • India’s Tax ID (PAN) was the most targeted document globally — 27% of identity document attacks in 2024 involved Indian IDs.
  • The Hong Kong $25 million deepfake case made international headlines in early 2024 when scammers used AI-generated video of company executives on a conference call to authorize a wire transfer. This is the kind of attack that’s now reaching India’s corporate sector.
  • Voice cloning has crossed the “indistinguishable threshold” in 2026, according to researchers. You can no longer reliably tell a cloned voice from a real one by ear alone.
  • India introduced new IT rules in February 2026 requiring social media platforms to remove deepfakes within 3 hours of a court or government order.

Spotting them is harder than ever, but there are still tells and tools that work. We break it down in our deepfake detection guide.

Data Breach Statistics

If you’ve used the internet in India for any length of time, your data has probably been exposed. That’s not paranoia — it’s math.

  • India’s average cost of a data breach reached Rs 220 million (approx. $2.6 million) in 2025 — an all-time high and a 13% increase from 2024’s Rs 195 million, per IBM’s Cost of a Data Breach Report.
  • An estimated 8,500 identity theft and data breach cases were projected across India in 2025, with Karnataka (2,500 cases), Telangana (2,100), Uttar Pradesh (1,200), and Maharashtra (1,000) leading the count.
  • 265+ million cyberattack attempts were recorded in India in 2025.
  • Only 37% of Indian organisations have AI access controls in place, per IBM. Nearly 60% don’t have an AI governance policy or are still developing one — leaving massive gaps for shadow AI-driven breaches.
  • Shadow AI adds Rs 17.9 million to the average breach cost. Employees using unapproved AI tools are creating exposure that security teams can’t see.
  • One of India’s largest banking data exposures happened in September 2025 — a misconfigured Amazon-hosted storage server leaked 273,000 PDF documents linked to 38 banks.

Been in a breach? Our step-by-step response guide walks through what to do first. Not sure if you’ve been exposed? Check your email against breach databases — takes 10 seconds.

Most cyberattacks don’t start with some clever hack. They start with someone clicking a link they shouldn’t have.

  • CERT-In identified 128 million phishing domains within a pool of 2.2 billion malicious DNS queries, after analyzing over 9,800 billion DNS queries using AI-powered detection systems.
  • CERT-In handled 29.44 lakh (2.94 million) cyber incidents in 2025, issuing 1,530 alerts and 390 vulnerability notes.
  • Phishing accounts for 22% of all cyber incidents in India — making it the single most prevalent attack type. Many of these are now AI-enhanced, with voice clones and deepfakes used to increase credibility.
  • QR code phishing (“quishing”) attacks increased 5x in 2025. 12% of all phishing emails now contain a QR code, up from negligible levels just two years ago.
  • C-level executives are 40x more likely to fall victim to QR code phishing attacks than other employees.
  • 68% of quishing attacks specifically target mobile users, exploiting the fact that phones have smaller screens and less visible URL previews.
  • 90% of quishing attacks aim to steal login credentials — targeting corporate email, cloud storage, and remote access tools.

If you’re not checking links before clicking, you probably should be. Our URL safety guide shows you how in under 10 seconds.

How to Protect Yourself

None of this requires technical expertise. It’s mostly about building a few reflexes:

  • Verify before you share. Got a shocking claim on WhatsApp? Fact-check it or forward it to Kaval before it reaches your family group chat.
  • Don’t trust links from strangers. Especially in messages from unknown numbers. Takes 10 seconds to check.
  • Check your email against breach databases. You’ve probably been exposed and don’t know it. Run a quick scan.
  • Be skeptical of outrageous images. If a photo looks too dramatic to be real, it might literally be generated. Know what to look for.
  • Save the Kaval WhatsApp bot number. Forward anything suspicious to +91 7200218310 for an instant verdict. It’s free.

FAQ

Which social media platform has the most misinformation in India?

WhatsApp, by a wide margin. With 535+ million Indian users and end-to-end encryption, content moderation is virtually impossible at scale. Messages are forwarded across groups without any visibility into their origin or accuracy. Other platforms like Facebook and X have misinformation problems too, but they at least have public-facing content that fact-checkers and algorithms can flag. WhatsApp’s closed nature makes it the biggest blind spot.

How much money do Indians lose to online scams each year?

In 2025, Indians lost at least Rs 22,495 crore (roughly $2.7 billion) to cyber fraud, per government data reported through the National Cyber Crime Reporting Portal. UPI fraud alone accounted for over Rs 805 crore in the first eight months of FY26. And these are just the reported numbers — with 51% of UPI fraud victims not reporting incidents, the real figure is likely much higher.

Is misinformation getting worse in India?

Yes, and it’s accelerating. The volume of misinformation has grown alongside internet adoption — India added hundreds of millions of internet users in the last five years. Now, generative AI is making it cheaper and faster to produce convincing fake content. Deepfake files grew from 500,000 in 2023 to a projected 8 million in 2025. Voice cloning reached the “indistinguishable” threshold in 2026. And with election cycles, health crises, and communal tensions providing constant fuel, India’s misinformation problem isn’t slowing down anytime soon.

The statistics in this report are sourced from government bodies (NCRB, CERT-In, RBI, MHA), research institutions (MIT), industry reports (IBM Cost of a Data Breach 2025, Thales 2026 Data Threat Report), and credible news outlets. Where exact 2026 figures aren’t yet available, the most recent data is used with the year noted. This page will be updated as new data is published.

Have a claim you want verified? Try Kaval — send any message, link, or image and get a fact-checked response in seconds.