Case Studies On Phishing Via Whatsapp
📌 Case Study 1: ‘Digital Arrest’ Scam — Multiple Victims (Chandigarh & National Trend)
Facts
In January 2026, a couple in Chandigarh received what they believed were calls and WhatsApp messages from individuals posing as CBI officers. The scammers claimed the victim was involved in a money-laundering case tied to his Aadhaar number. They used WhatsApp calls, video calls with fake warrants on the screen and constant pressure to fake legitimacy. Under duress, the victim transferred ₹38 lakh to accounts provided by the fraudsters. Once the money was sent, the fraud became apparent.
Modus Operandi
Using fake identity cards and fake arrest warrants shown over WhatsApp video calls.
Threatening immediate legal action (arrest, property seizure) to create fear and urgency.
Directing victims to transfer money via bank RTGS/UPI under pretext of “verification”.
Legal Action
Police registered a case under the Bharatiya Nyaya Sanhita (cheating and coercion) and the Information Technology Act.
Victims reported to the cyber crime police after realizing the fraud.
Key Takeaways
This scam leverages psychological intimidation more than technical hacking. The use of WhatsApp for voice/video makes the interaction feel personal and “official,” which leads to victims complying with demands.
📌 Case Study 2: Impersonation & Investment Fraud (Assam CID Arrest)
Facts
In 2025, Assam Police CID arrested a suspect for a ₹96 lakh fraud conducted via WhatsApp. The accused impersonated a bank’s managing director, sending messages with the bank’s logo and forged profile pictures. The target — a company accountant — believed the message was legitimate and transferred ₹96 lakh to accounts instructed by the fraudster. Police managed to freeze ₹89 lakh after the complaint was registered.
Modus Operandi
Impersonation of high-ranking officials using stolen photos and fake profiles.
Using WhatsApp’s trust signals — display picture, perceived friendly contact — to persuade urgency.
Legal Action
CID arrested one individual and froze large amounts of funds.
FIR typically registered under cheating, impersonation provisions of BNS and IT Act.
Key Takeaways
This shows the credential harvesting element of phishing via WhatsApp: leveraging stolen identity features to gain trust and manipulate financial decisions.
📌 Case Study 3: RTO/E-Challan Phishing + Malware (Dehradun)
Facts
In late 2025, a 54-year-old man in Dehradun lost approximately ₹3.6 lakh after receiving a WhatsApp message claiming he had a pending traffic “e-RTO challan.” The message contained a malicious file disguised as an official document. Upon opening the file, malware enabled access to the victim’s banking credentials and funds were siphoned away before he realized something was wrong.
Modus Operandi
Sending APK files disguised as legitimate documents (e.g., challans or official forms).
Malware installs spyware or remote access tools to capture OTPs/banking access.
Money is transferred without the victim’s awareness.
Legal Action
FIR under sections of the Bharatiya Nyaya Sanhita and IT Act (cyberfraud).
Investigation continues to trace culprits through digital forensics.
Key Takeaways
This combines phishing (fraudulent message) with malware installation — a sophisticated hybrid attack, showing how WhatsApp can be used not just for social engineering but also for direct device compromise.
📌 Case Study 4: WhatsApp Group Investment Scam (Vizag & Hyderabad)
Facts
Multiple high-value investment scams have been reported in Andhra Pradesh and Telangana in 2025–26:
A Visakhapatnam doctor lost ₹2.5 crore after joining a WhatsApp group where fraudsters pretended to be stock trading specialists, showcasing fake profits and demanding more funds for “tax and withdrawal fees.”
A Hyderabad woman lost ₹2.5 crore after being convinced to invest in a fake stock investment platform promoted through WhatsApp groups with fake profiles and promises of SEBI registration.
Modus Operandi
Creation of WhatsApp investment groups with many members.
Showing fake trading dashboards with fabricated profits to build trust (a technique often called pig-butchering).
Promises of guaranteed returns that never materialize.
Legal Action
Victims lodged complaints with cyber crime police; investigations involve the IT Act and financial fraud provisions under the Bharatiya Nyaya Sanhita.
Key Takeaways
This is a classic social engineering + long-term grooming scam where WhatsApp groups are used to build illusory trust and then extract large investments.
📌 Case Study 5: Credit Card “Upgrade” Scam (Chandigarh Arrests)
Facts
In early 2026, Chandigarh Cyber Crime Police arrested three women from Delhi for a WhatsApp scam where they sent messages and calls claiming to be representatives of a foreign credit card firm offering an “upgrade” service. Victims were told to fill out a Google-form link via WhatsApp. Malicious links and forms gave attackers control over the victims’ phones, enabling them to siphon about ₹1.73 lakh via fraudulent credit card transactions.
Modus Operandi
Impersonation of a known financial brand to build credibility.
Sending malicious links pretending to be official forms.
Using access gained via links to drain money from accounts/cards.
Legal Action
Police arrested three accused.
Investigations under IT Act and BNS sections (cheating and unauthorized access).
Key Takeaways
Shows how phishing via WhatsApp isn’t only about messages — it can include malicious forms and credential theft through link-based attacks.
⚖️ Legal Framework and (Selected) Court Responses
While many reported cases are under police investigation and FIRs (not yet fully adjudicated), there are notable legal actions involving WhatsApp–related scams:
1. Delhi High Court: Blocking Scam Accounts
The *Delhi High Court directed telecom providers, WhatsApp, and NPCI to block mobile numbers and accounts used in an impersonation scam targeting customers of a retail brand, Tira. This interim order recognized the serious public harm caused by WhatsApp phishing and impersonation and directed platforms to act.
2. Brand Impersonation Injunctions
Courts have granted injunctions against misuse of brand names in WhatsApp scams — e.g., restraining misuse of the Moneycontrol brand in investment phishing scams.
3. Admissibility of WhatsApp Chats in Evidence
Indian courts have accepted WhatsApp chats as evidence in legal disputes, affecting how phishing evidence can be used in prosecution.
📌 Common Legal Charges Used in WhatsApp Phishing Cases (India)
| Legal Provision | Applicable Offence |
|---|---|
| Bharatiya Nyaya Sanhita (IPC successor) | Cheating, deception, criminal breach of trust, intimidation |
| Information Technology Act | Cyber fraud, unauthorized access, identity theft, phishing |
| Evidence Act sections (e.g., related to electronic evidence) | Admissibility of WhatsApp logs |
📌 Key Patterns Observed Across These Cases
✔ Impersonation — of officials, bank executives, service agents, law enforcement.
✔ Social engineering — urgency, fear, promise of profits.
✔ Use of WhatsApp identity features — display photos, names, group trust.
✔ Financial transfers — UPI, RTGS, credit card transactions.
✔ Malware & phishing links — malicious apps/documents leading to credential theft.
✔ Court and police action — FIRs filed; some court directions to block fraudulent accounts.
📌 Summary
These case studies show how phishing via WhatsApp is not a theoretical risk but a widespread and evolving threat — blending impersonation, malicious links, psychological pressure, and organized fraud tactics. Legal responses involve cyber police investigations, IT Act charges, and court orders to block and restrain scam infrastructure, though many cases are still under investigation or prosecution rather than fully adjudicated in court.
RELATED Blog
comments