End-to-end encryption (E2EE) on Instagram was designed to provide the maximum possible level of possible security for messages and calls, ensuring that the sender and recipient, along with the service provider could read or listen to them. However, Meta is discontinuing E2EE for Instagram DMs starting May 8, 2026, i.e. the conversations will no longer be protected and Meta will regain access to content.

Privacy: The main purpose was to ensure that Meta (Facebook) could not see or listen to your messages, photos, videos, or voice notes, as they were protected by keys that only the participants held. However, it should be noted that service providers had an access to it.

Security from Third Parties: By encrypting the message on your device and decrypting it only on the recipient’s, it aimed to prevent third-party interception, such as by hackers/ misuers.

Safeguarded and secure conversation : There is a misconception that with presence of E2EE all the chats and personal DM’s were safeguarded and secure. They were very accessible to the service providers. But, due to E2EE’s removal, now they became more vulnerable to hacking and misuse.

Removal of E2EE: Instagram is switching off E2EE, which means all future DMs will revert to standard encryption, allowing Meta to access the content of your chats.

Recommendation –

1) Pay close attention to new consent forms or privacy policy updates.
2) Cease High-Risk Communication and stop sharing bank details, passwords, intimate media, or sensitive legal/business confessions via Instagram DMs/ other risk bearing social platforms immediately.

I never intended to publish this but the way news of RBI Ombudsman directing
Rs 1.31 crore relief in Rs 23 crore scam to compensate digital arrest victim is being published in National Media, made me compell to bring other side of the story in Public domain.
1) What about remaining 21.69 Cr?
2) Where are the reliefs for remining amount?
3) Hon Supreme Court has directed to move to appropriate Forum for recovery of money and RBI Ombudsman has directed to pay 1.31 Cr, now which other appropriate forum is left?
4) The Digital Environment’s checks and balances of the banks are so fragile that Money Mule accounts are operating without any fear and may be for some Favor from the banks, that this huge money gets transferred within seconds bypassing all security checks like Threshold frequency, Ongoing Due Diligence etc. but banks are not penalized for the same.
5) Are Our banks are FOR THE DEPOSITORS OR FOR THE AIDING MONEY MULES TO LOOT THE DEPOSITORS?

One of relief to one victim is not what should be highlighted by National Media.Questioning for Rights of Other Digital arrest Scam Victims is NEED OF THE HOUR AND HOPEFULLY OUR NATIONAL MEDIA will do the same.

You, the reader can not be mute spectator and its my humble appeal to FORWARD THIS MESSAGE TO AS MANY PEOPLE AS POSSIBLE.

Stay alert. Shop smart. Protect yourself from online fraud.

Think before you click. Verify before you pay.
🚫 Don’t fall for the illusion.

ग्राहक फसवणुकीचा नवा ट्रेंड: ऑनलाइन फॅशन स्कॅम

अनेक ऑनलाइन विक्रेते बनावट फोटो, चुकीची माहिती आणि खोट्या ऑफर्सद्वारे ग्राहकांची दिशाभूल करत आहेत.
ग्राहकांनी तक्रार नोंदवणे, पुरावे जपणे आणि कायदेशीर मार्ग अवलंबणे गरजेचे आहे.

📢 ग्राहक जागरूकता हीच खरी सुरक्षा.

The Chief Justice of India
Honourable Supreme Court
New Delhi

As a person following Cyber Laws in India since 1998, I am happy that the Supreme Court of India has taken Suo-Moto Cognizance of the “Digital Arrest Scam” and is trying to develop some guidelines to mitigate the hardship of the victims. This is a great opportunity to improve the digital eco system in India and we need to make full use of this opportunity.

In this context, I would like to place before you the following suggestions for consideration and request you to provide suitable directives to the relevant parties.

1. We need to identify and apply corrections to the root cause.
2. Consider introduction of a new Law for Neuro Rights Protection
3. Bring changes to our Banking practices by directing RBI and the Bankers avoiding collateral damage of innocent persons.
4. Bring Technical improvements to the Telecom and Mobile service providers

I will try to elaborate each of these suggestions.

1. Root Cause and it’s Rectification

The first thought that occurs to every one of us is how is that educated and otherwise mature persons fall into the trap of the Digital Arrest scam to the extent they take out crores of rupees of their savings and hand it over to the fraudster. This is continuing even after the Prime Minister himself addressed the awareness requirement in one of his “Man Ki Baat” episodes. While “Awareness” continues to be necessary, it is obviously not sufficient.

The modus operandi indicates two reasons why people are falling into a trap which is apparently irrational. The modus operandi is to make a fake phone call, threaten action by law enforcement agencies and suggestion that certain amount may be deposited temporarily in a Government account pending enquiry.

The irrational action of the victim in this context is induced by

a) Fear that even if they are innocent, law enforcement agencies may harass them
b) A False sense of security that the Government agencies where the money is sought to be parked can be trusted to return it since they are any way innocent.

Thus the fraudsters cleverly exploit both the “Fear” and the “Trust” and mesmerizing the victims through their talking. We may recall that some times back, the “Blue Whale” game was prevalent where fraudsters drove innocent children to harm themselves through suggestions.

The psychological analysis of this situation is that the victims got into a “Hypnotic State” where they lost their rational decision making process and blindly followed the suggestions of the fraudster. This is a sophisticated “Cyber Hypnosis” strategy.

We can observe such behaviour also in situations where people “Freeze” at the sight of a real or toy gun for the fear of harm that may occur. The so called “Stockholm syndrome” is also a manifestation of a defence mechanism that follows the initial state of obedience through fear.

Law recognizes that actions taken under threat, coercion, mistaken impression and when a person is not under control of his mental faculties as “Void” under law. Hence the act of “Handing over of money voluntarily” which is used as a defence by Banks to avoid their responsibility is not legally sustainable.

Therefore, the liability for the digital arrest scam, cannot be held against the victim even if it looks foolish for the victim to act in the manner in which he did.

The solution to prevention of this “Fear” and “Blind trust” together placing the victim in a terrorized state of mind and blind compliance is to increase public knowledge on institutions like CBI, ED and RBI on what they do and what they do not do.

Also a single point PR contact should be available at all these institutions to provide clarifications when required. A direction to this effect must be issued.

Academic institutions should work on creating “Cyber De-addiction Websites” which try to remove the misconceptions about social media that whatever comes on the Internet is true and reliable. People should be made aware that after the AI based synthetic content spreading across the Internet, no information is reliable unless it is cross verified from a reliable source. Availability of public contact points with law enforcement agencies is the first step in this direction.

Government agencies such as Meity should be directed to invest in measures to publicize the lack of reliability of information on the Internet and the dangers of synthetic content. Such investments should be mandated as a security measure along with investments for technology promotion.

2. New Neuro Rights Law

If we recognize that these frauds are occurring because the mind of the victim is manipulated, we should recognize that this is an offence. This is part of “Dark Patterns” under the Consumer Protection Act. It was also a part of the earlier versions of the Data Protection Bill which was omitted in the latest version of DPDPA 2023.

“Manipulation of Human Mind” with either devices or communication should be considered as a violation of “Neuro Rights” and should be protected either as an extension of the “Right to Privacy” or “Right to Free Choice” or through a separate law.

3. Changes in Banking Policies

It is noted that in a few instances where vigilant Bankers have identified the problem and prevented the customer from going through the payment. This indicates that in other cases, Bankers have been negligent.

In all the successful digital arrest fraud instance, the Bankers both at the end of the victim and at the end of the beneficiary along with the Mobile Service Provider who issued a SIM to the fraudster should be considered as co-conspirators to the fraud and must be jointly and severally liable.

The KYC norms and the RBI instructions on adaptive authentication make it mandatory that an account is monitored and any “Unusual” transactions are flagged for elevated authentication checks. Unfortunately Banks donot follow this norm. The beneficiary Banks donot check the known sources of income of their customers with the unusually large amounts that are credited. This is a blatant omission of the RBI norms.

In the TDSAT judgement on S Umashankar Vs ICICI Bank, the Tribunal considered that not following reasonable security practices by the Banker was a violation of Section 43(g) of ITA 2000 and makes them liable directly along with criminal consequences of Section 66.

This needs to be put into a direction by the Supreme Court.

At the same time, the Banks and the Police often mis interpret the RBI guidelines and when some stray funds are found in the account of innocent account holders proceed to freeze the entire account. Law is very clear that if there is any disputed credit in the account there can be a lien only on that amount and not the entire account. However many Police personnel issue directives to freeze entire accounts and Bankers oblige them. De-freezing of such account will be delayed unless pals are greased. This obnoxious practice must be stopped.

We request Supreme Court to give a clear direction to all Banks that unless a Court has indicated an amount on which a garnishee order is issued, no amount in excess should be frozen. Also the Garnishee order should apply to money due and payable as on the date of the receipt of the garnishee order and not future receipts. Hence the practice of Banks freezing the account is completely illegal and Banks should be suitably penalized for following such practices. Police issuing notices without indicating the amount under dispute also needs to be stopped. RBI itself should modify its “Freezing” provision and adhere to the known principle of a “Garnishee Order” and not create new provisions of law expanding their powers.

Further, the Court should direct that in all instances where the Bank cannot establish a conspiracy between the victim and the beneficiary, it should be presumed that the liability for the digital arrest payment lies entirely on the Beneficiary’s Bank or jointly by the Beneficiary’s Bank and the Victim’s Bank.

Further it is noticed that when the victim reports to his bankers about any fraud the Banker does not act immediately to stop payment in transit. This is contravening the established Banking practice of “Stop Payment”. Even in the case of Credit card transactions, RBI has taken an untenable stand under which Banks prioritize payments to the acquiring Bank instead of the Credit card owner and refuse charge back requests.

Supreme Court may kindly direct the Banks to honour “Digital Sop Payment” and initiate immediate action to inform the destination Bank whenever a victim reports a fraud or the Bank observes an “Unusual Transaction” so that the destination Bank “Exercised Caution”. These established practices which were prevalent before the advent of Digital Banking have been given up in the new digital banking era and must be restored.

4. Technical Improvements

Since “Collection of Electronic Evidence” is an important requirement for any legal defence, the Telecom operators should be advised to

a) Follow the suggestion of TRAI to display the caller ID linked to the KYC in respect of all calls so that impersonation can be identified
b) Introduce a “Hot button” on the mobile where at the click of a button the screen recording can be silently activated and deposited with a repository at the end of the call so that it is available for evidence. Currently “CEAC drop box” is a service that is available for voluntary deposit of electronic documents for evidentiary purpose. A similar service can be managed either by the law enforcement/MeitY or by a consortium of approved service providers. The user may subscribe to any of the free or paid services so that the evidence can be collected without a problem.

This has no “Privacy” bar since a “Conversation” is a data that belongs jointly to the caller and the called and hence each should be considered to have the right to record particularly when it has to be presented in legal defence of one of the parties. DPDPA 2023 also exempts collection of data for self legal defence.

These technical measures can also be directed to be introduced by the Mobile Service Providers along with a strict directive to ensure KYC for SIM card issue.

Yours sincerely

Na.Vijayashankar

Naavi
(Na.Vijayashankar)

Digital arrest Scam is growing and hard earned money of Citizen being looted by scamsters. Every Agency is doing its best to stop such scams but who is taking care of DIGITAL ARREST SCAM victims by initiating some OUT OF BOX legal measure? These people who have lost crores of rupees are reputed members of our society and having reasonable intellectual level. If they can be scammed then is something wrong in our banking system, which was/is used to siphon this crores of rupees, even outside India?
Dr Mahendra Limaye is representing before various forums for such Cyber-space affected Victims including Digital arrest victims.
Its great beginning where Highest Consumer Commission i.e. NCDRC has admitted such matters and issued notices to BANKS.

There are many such DIGITAL ARREST SCAM victims, who are clueless about this remedy. They can join the battle. I quote famous SHER Majrooh Sultanpuri
MAI AKELA HI CHALA THA JAANIB-E-MANZIL, LOG SAATH ATE GAYE AUR KARWAN BANTA GAYA.

Collectively we can make the change in present mindset of Judicial system in context of CYBER FRAUDS

IS POLICE COMPLAINT IS END OF THE ROAD OF RECOVERY OF HARD-EARNED MONEY LOST BY THE DIGITAL ARREST SCAM VICTIMS?
Dr Mahendra Limaye has recently filed two complaints before NCDRC. The highest consumer Commission in India, scrutinized these issues wherein victims are seeking relief against the banks, whose accounts were used to siphon the money and these banks have been charged with not-complying with various RBI guidelines. The victims lost Rs 10.30 Crore and 5.85 Crore respectively. It is contended by the complainants that Victims have been met with Digital Accident known as Digital arrest and were not at all negligent while parting with their hard-earned money. It was also contended that various mandatory guidelines of Reserve Bank of India were flouted by these banks and which aggravated the passage for siphoning off the money from victim’s account.

The Hon NCDRC Bench consisting of President Retd. Justice. Shri A. P. Sahi and member Mr. Bharatkumar Pandya considered whether such complaints would fall Within the definition of a consumer complaint and what would be the pecuniary jurisdiction to be determined for entertaining such complaints. And after much deliberations issued notices to the banks calling upon them to answer both the complaints.

Assessing the gravity and seriousness of the Digital arrest scams, the Hon NCDRC has also made its intention of seeking assistance of agencies like the Financial Intelligence Unit of India, the Indian Cyber Crime Coordination Centre and such other agencies which may be needed in course of further hearing.

This Admission of complaints filed by Digital arrest Scam victims is certainly encouraging event for the victims as they had no other remedy available to seek the financial relief.

“There are various banking guidelines issued by RBI, for protection of bank account holders and when banks own Duty of Care towards its customers, non-compliance of these guidelines must result in penalizing the banks and providing compensation to the bank consumers. If other such victims of Digital Arrest scam come forward and take up their matters before appropriate foras, courts will also realize the quantum and perhaps some government intervention is also possible for compensating the victims” feels Adv Dr Mahendra Limaye who is representing the two victims in above cases a/w Adv Alok Sharma.

Adv Dr Mahendra Limaye
Cyber Legal and Data Privacy Consultant
9422109619/8830139056

The comments/ debates are welcome for better understanding of one and all.

Dr Mahendra Limaye
The author is having Doctorate in Law and practices in specialised domain of Cyber Litigation and is FDPPI certified Daat Privacy Professional.