Cybercrime is no longer an urban problem. It reaches every smartphone in every village, often faster than electricity or banking literacy. In Chandwaji, a village near Jaipur, Rajasthan, a group of 30+ students from the Forensic Science Department of NIMS University, Jaipur, under the NIMS NSS Club, spent a day talking to farmers, shopkeepers, students, and homemakers about the scams they had already heard of — and the ones they had not. This is what we learned, what we taught, and why a single number, 1930, can be the difference between losing savings and stopping a fraud in its tracks.
1. Why a village campaign matters more than you think
Most people in Chandwaji own a smartphone. Many use UPI, WhatsApp, and YouTube daily. A smaller but growing number have tried online job portals, instant loan apps, and crypto investment tips shared in Telegram groups. The gap is not technology adoption; it is risk awareness. The same trust that makes a village community work — helping a neighbour, believing a caller who sounds official, sharing an OTP to 'complete' a transaction — is what cyber criminals exploit.
The students set up chairs in a courtyard, distributed printed handouts in Hindi, and spoke one-on-one with anyone who walked in. The stories came quickly. A young man had received a 'job offer' asking for ₹3,500 for registration. A grandmother's son had almost shared his OTP with a caller pretending to be from a bank. A shopkeeper had been added to a fake 'Flipkart seller' group. None of these were abstract threats. They were near-misses or small losses that people had not reported because they felt embarrassed or did not know where to go.
2. UPI and OTP fraud: the most common trap
The fraud we discussed most often starts with a phone call. The caller claims to be from a bank, a wallet company, or a delivery service. They say there is a problem: a failed transaction, a refund, a package stuck at customs, or a SIM upgrade. Then they ask the victim to share an OTP, 'verify' their UPI PIN, or install a screen-sharing app such as AnyDesk or TeamViewer.
The key point we repeated: no bank, no government office, and no delivery company ever asks for an OTP or UPI PIN. Those numbers are not verification codes; they are authorization codes. The moment you read one out loud, the fraudster can move money out of your account. We taught people to end the call immediately and report the number to 1930. If money has already left the account, speed matters. The 1930 helpline connects victims to the National Cyber Crime Reporting Portal, where a complaint can be registered and banks alerted to freeze the transaction chain before the money is layered through multiple accounts.
3. Fake jobs, loan apps, and investment scams
Young people in the village were especially targeted by fake job offers. The pattern is recognizable once you know it: a message on WhatsApp or Telegram offers easy work-from-home tasks, data entry, or part-time reviewing. The 'company' sends a small payment to build trust, then asks the victim to pay a registration fee, a security deposit, or an advance for 'premium tasks.' After the payment, the contact disappears.
Instant loan apps work in reverse. They promise quick cash with minimal paperwork, then steal contacts, photos, and messages from the phone. When the victim struggles to repay the high interest, the app operators harass the borrower and their entire contact list with morphed images and threatening calls. The shame is so intense that many victims stay silent. We told them that silence helps the criminal. Reporting to cybercrime.gov.in or calling 1930 starts a documented trail that can shut the app down and protect others.
Investment scams were a newer threat. Villagers had been invited to Telegram channels promising 'guaranteed' returns in crypto, stock tips, or forex trading. The operators show fake profits, ask the victim to invite friends, and then vanish once the pool is large enough. We explained that no legitimate investment guarantees fixed daily returns, and that any scheme which pays you for recruiting others is a pyramid scam, not a business.
4. How a fraud actually happens: the psychology
Cyber fraud is not magic. It is a structured process that exploits urgency, authority, and fear. The first step is contact: a call, a message, a fake website, or a social media ad. The second step is the hook: a problem that needs immediate fixing or a reward that is about to expire. The third step is trust-building: fake IDs, fake government letterheads, screenshots of successful payments, or testimonials from people who look like the victim. The fourth step is the ask: share an OTP, pay a small fee, install an app, or transfer money to a 'safe' account. The final step is the exit: the fraudster disappears, the number stops working, and the victim is left with guilt instead of evidence.
We taught people to slow down. A genuine bank problem can be solved by walking into a branch or calling the official number printed on the debit card. A genuine refund does not require a UPI PIN. A genuine job offer does not ask for money to get started. The pause between receiving a demand and responding is where most frauds fail. That pause is the most important security tool most people have.
5. The 1930 helpline and the National Cyber Crime Reporting Portal
1930 is the national cybercrime helpline. It is available 24 hours, and it is the fastest way to report a financial fraud in progress. When a victim calls within the 'golden hour' — the first few hours after a fraudulent transaction — the call centre can coordinate with banks to freeze the receiving account and trace the money trail. The sooner the call, the better the chance of recovery.
For cases that are not immediately urgent, victims can also file a complaint at cybercrime.gov.in. The portal accepts complaints in Hindi and English, allows document uploads, and assigns a ticket number for tracking. We encouraged everyone to save screenshots of messages, record call details, and note transaction IDs before submitting a complaint. Evidence is what turns a frustrated phone call into a recoverable case.
For the campaign, we printed small cards with the 1930 number and the cybercrime.gov.in address. We told people to keep the card next to their phone, not just because they might need it, but because neighbours and relatives might need it too. Awareness spreads fastest when trusted local voices repeat the same message.
6. What forensic science students brought to the field
The Forensic Science Department at NIMS University trains students to handle evidence, preserve chains of custody, and communicate technical findings clearly. In Chandwaji, those skills translated into practical advice. Students showed people how to take screenshots that preserve timestamps, how to lock down a compromised phone by revoking app permissions and changing passwords, and how to document a harassment trail from a loan app before deleting it.
We also demonstrated the basics of digital evidence. A deleted message is not always gone. A screenshot without metadata can still be useful. A single complaint number can connect a victim to a larger investigation. Forensic science is not only about crime scenes and laboratories; it is also about helping ordinary people protect themselves and recover when protection fails.
The NSS framework gave the campaign structure and accountability. Students arrived as volunteers, not experts with authority, and that made conversations easier. People asked questions they might have hesitated to ask a police officer. Students answered honestly, admitted when they did not know something, and directed people to official channels. The goal was not to impress; it was to make cyber safety feel normal and possible.
7. Red flags everyone should remember
We ended every session with a simple checklist. If a message or call includes any of these, stop and verify before acting: an urgent deadline, a request for an OTP or PIN, a demand to pay to receive a prize or job, a link that looks almost like a real website but is slightly misspelled, a request to install an app you do not recognize, or a threat of legal action if you do not comply immediately. Real institutions do not behave this way.
We also advised practical habits: enable two-factor authentication on email and banking apps, set a UPI PIN that is different from your phone unlock code, avoid saving card details on unfamiliar websites, and treat every unknown link as guilty until proven otherwise. Children and elderly family members should be taught to ask a trusted person before making any payment online. In a household, one alert person can protect everyone.
The Chandwaji campaign was a single day in one village, but the lessons are universal. Cybercrime succeeds when people feel isolated, rushed, or ashamed. It fails when communities talk openly, when victims know to call 1930 immediately, and when forensic science students step outside the classroom to translate expertise into protection. Awareness is not a lecture. It is a habit, a helpline, and a neighbour willing to ask the obvious question: are you sure this is real?