Safer Internet Day: Building Digital Awareness in India

Only 38% of Indian internet users could correctly identify a phishing email when shown one during a 2025 digital literacy assessment conducted across twelve states. The study, run by a consortium of academic institutions and NGOs with support from the IT Ministry, tested around 45,000 participants in eight languages. Less than a quarter of rural respondents got the answer right. Among urban users under 25 -- supposedly the "digital native" generation -- the number was only marginally better at 44%.

That single statistic, tucked away in a report most people haven't read, tells you almost everything about the state of internet safety awareness in India. We've got over 850 million internet users as of late 2025, making us the second-largest connected population on the planet. Hundreds of millions of those users came online in just the last five or six years, pulled in by cheap Jio data plans and affordable smartphones. They can order groceries on Zepto, send money on PhonePe, and video-call relatives on WhatsApp. What many of them can't do is tell the difference between a real bank SMS and a fake one.

What Safer Internet Day Is, and Why India Should Care More Than Most

Safer Internet Day falls on the second Tuesday of February each year. It started as a European initiative back in 2004 and has since grown into a global event observed in over 180 countries. The idea is simple: one day a year to focus attention on making the internet a better, safer place, especially for young people. India's participation has been growing, with CERT-In, the Ministry of Electronics and IT, and various state governments organizing events, workshops, and awareness campaigns around the date.

But one day isn't going to fix a country-sized problem. The gap between India's pace of digitization and its pace of digital education is wide and getting wider. We're connecting people to the internet faster than we're teaching them how to use it safely. That's not a criticism of the users -- it's a failure of institutions, curricula, and priorities.

The Numbers Behind the Problem

India reported over 14.5 lakh cybercrime complaints through the National Cyber Crime Reporting Portal in 2025. Financial fraud was the top category by a wide margin -- UPI scams, fake investment schemes, loan app harassment, and the ever-present "KYC update" phishing calls. The total reported losses crossed Rs 14,000 crore, and that's just the cases people actually reported. Estimates from industry bodies suggest the real number could be three to five times higher, since most victims either don't know where to report or don't bother because they've lost hope of recovering the money.

Cyberbullying complaints involving minors jumped significantly. The National Commission for Protection of Child Rights flagged a 40% increase in online harassment cases referred to it between 2024 and 2025. Sextortion, morphed images, and coordinated harassment campaigns on Instagram and Snapchat were the most common patterns. Many of these cases involved children between 12 and 16 who had no guidance on what to do when things went wrong.

Misinformation remains a persistent headache. During state election cycles in 2025, fact-checking organizations identified thousands of manipulated images, deepfake videos, and misleading WhatsApp forwards designed to inflame communal sentiments or smear candidates. WhatsApp's forwarding limits helped somewhat, but the volume was overwhelming. A coordinated effort by the Election Commission, platforms, and civil society groups made some dent, but the infrastructure for large-scale fact-checking in regional languages is still thin.

The School Curriculum Gap

India's National Education Policy 2020 talks about digital literacy and computational thinking. It's there in the document. The problem is translating policy language into classroom practice. Most government schools in India still treat computer education as "learning to use MS Word and PowerPoint." The CBSE introduced a revamped Computer Science curriculum for classes 11 and 12, and some private schools have adopted digital citizenship modules. But for the vast majority of India's 1.5 million-plus schools, there's no structured teaching about online safety, privacy, or critical thinking about digital content.

I spoke to a teacher in a government school in Madhya Pradesh who told me her school's "computer lab" has eight functional machines for 600 students, and the syllabus still references Internet Explorer. When I asked if students learn about phishing, passwords, or online privacy, she looked at me like I'd asked whether they learn astrophysics. The gap between what students need and what schools deliver is enormous.

Private schools in metros do better, though not always by much. Some have partnered with organizations like the Cyber Peace Foundation and iSafe to run workshops on cyberbullying and digital footprints. A few elite schools in Delhi and Mumbai have hired dedicated "digital wellness counselors." These are useful initiatives, but they reach a tiny fraction of Indian students. The kid in a government school in Jharkhand deserves the same education about online safety as the kid in a South Delhi prep school. Right now, they're not getting it.

What the Government Is Doing (and What It Isn't)

There are genuine efforts worth acknowledging. The Digital India programme has expanded internet access to hundreds of thousands of villages through BharatNet. Common Service Centres (CSCs) in rural areas sometimes double as digital literacy hubs, teaching basic computer skills and internet usage. The Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) run by CERT-In provides free tools for detecting and removing malware from personal devices. It's a good resource that almost nobody knows about.

The ISEA (Information Security Education and Awareness) programme has developed training materials and courses, some of which are freely available online. CERT-In regularly publishes advisories about new threats and vulnerabilities. The 1930 cybercrime helpline has been operational since 2021 and has handled millions of calls.

What's missing is scale and integration. These programmes run in parallel, often without coordinating with each other or with the education system. A farmer in Bihar who's just started using UPI isn't going to visit the Cyber Swachhta Kendra website or read a CERT-In advisory. He needs someone at the local bank branch or CSC to sit with him for fifteen minutes and show him what a scam SMS looks like versus a real one. That kind of last-mile education effort exists in pockets but hasn't been systematized.

The Pradhan Mantri Gramin Digital Saksharta Abhiyaan (PMGDISHA) has claimed to train over 6 crore rural Indians in digital literacy. That's an impressive number on paper. But audits and evaluations have raised questions about the quality of training. Much of it covered basic skills -- turning on a device, opening an app, sending an email -- without touching on safety, scams, or privacy. Knowing how to use the internet and knowing how to use it safely aren't the same thing.

NGOs and Civil Society Filling the Gaps

Some of the most impactful work on digital awareness in India is happening outside government. The Cyber Peace Foundation has run workshops in over 500 districts, training students, teachers, and law enforcement officers on cyber hygiene. IT for Change, based in Bangalore, focuses on gender and digital rights, working with women and girls in rural Karnataka on safe internet practices. The Internet Freedom Foundation (IFF) has done extensive advocacy work on surveillance, privacy, and censorship -- their "SaveOurPrivacy" campaign played a role in pushing for the DPDPA.

Local initiatives matter too. In Kerala, a state-level programme called K-SAFE trains school students as "cyber ambassadors" who then educate their peers and families. Tamil Nadu's police force runs a social media-savvy awareness campaign through their "Cyber Crime Wing" accounts that reaches millions. These state-level efforts show what's possible when there's political will and a bit of creativity.

Religious and community organizations, surprisingly, have also started stepping in. I've heard of temples and mosques in rural UP and Maharashtra that host monthly "digital safety" sessions after prayers, where volunteers explain common scams to elderly congregants. It's grassroots, informal, and probably more effective than any government pamphlet.

The Language Barrier Nobody Talks About

Here's something that gets overlooked in nearly every conversation about digital literacy in India. Most cybersecurity awareness content -- the CERT-In advisories, the platform help pages, the explainer articles (including, I'll admit, a lot of what we publish on this site) -- is in English. India has 22 officially recognized languages and hundreds more spoken across the country. Only about 10% of Indians are comfortable reading English.

When a grandmother in a village in Odisha receives a phishing SMS in Odia, where does she go for help? Google's safety tips are in English. Her bank's fraud awareness page might have a Hindi version, but not Odia. The Cyber Crime portal is available in Hindi and English. For the hundreds of millions of Indians who operate primarily in Bangla, Tamil, Telugu, Marathi, Gujarati, Kannada, or any of the other languages, safety information is hard to find in a language they can actually understand.

This isn't just a convenience issue. It's an access-to-safety issue. If you can't read the warning, the warning doesn't exist for you. Some NGOs are working on this -- translating awareness materials, creating video content in regional languages, using WhatsApp voice notes to reach people who can't read well. But it's a drop in an ocean-sized need.

The Rural-Urban Digital Divide

India's internet penetration, while impressive in aggregate, masks a stark divide. Urban internet penetration is around 70-75%. Rural penetration hovers near 35-40%, depending on whose numbers you trust. The users coming online in rural areas tend to be on low-end smartphones with limited storage and processing power, using prepaid data plans that make them reluctant to download security apps or updates that consume precious megabytes.

Many rural users experience the internet almost exclusively through a handful of apps: WhatsApp, YouTube, PhonePe or Google Pay, and maybe a regional news app. Their understanding of the internet is shaped by these apps. The concept of a "website" is abstract. The notion that a link in a WhatsApp message could lead to a fake website designed to steal their money requires a mental model of the internet that many first-generation users simply haven't built yet.

I'm not being condescending here. These are smart, capable people who are picking up technology rapidly. But they're picking it up without the scaffolding that urban users absorbed over years of exposure. An urban professional who's been using the internet since 2005 has had two decades to build an intuitive sense of what looks "phishy." Someone who got their first smartphone in 2022 hasn't had that time.

Bridging this gap requires meeting people where they are. Training sessions in local languages, at community centers, using examples and scenarios that are relevant to their daily lives -- not abstract cybersecurity jargon, but "here's what happens when someone calls you saying your Aadhaar is being deactivated." The Aadhaar deactivation scam, by the way, is one of the most common ones in rural India right now. It works precisely because Aadhaar is tied to so many government benefits that the fear of losing access is immediate and visceral.

What Families Can Do Right Now

Safer Internet Day is a good prompt to have conversations that many families avoid because they feel awkward or technical. Here are things that don't require any technical expertise:

Talk to your children about what they do online. Not in a surveillance way -- in a curious way. "What are you watching on YouTube?" "Who do you talk to on Discord?" "Has anyone ever sent you something that made you uncomfortable?" These conversations are more protective than any parental control software, because they build trust. A child who trusts their parent enough to say "someone sent me a weird message" is safer than a child whose phone is locked down but who'd never tell their parent anything.

Teach older family members the one rule that prevents most financial scams: no legitimate organization will ever ask you for your OTP, PIN, or password over the phone. If they remember nothing else, that single rule blocks the majority of phone-based scams targeting seniors in India. Write it on a piece of paper and stick it next to their phone if you have to.

Check the privacy settings on your family's devices and accounts. Instagram, WhatsApp, YouTube -- all of them have privacy controls that most people have never touched. Spend twenty minutes going through them together. Set accounts to private where appropriate. Turn off location sharing. Disable ad personalization. It's not about being paranoid; it's about not giving away data for free when you don't have to.

If your family uses shared devices (common in many Indian households where one smartphone serves multiple family members), set up separate user profiles where possible. Android supports multiple user profiles. This prevents one family member's browsing or app activity from affecting another's accounts and data.

And here's one more that people overlook: update your family's devices. That "Software Update" notification everyone keeps dismissing for weeks? Those updates often patch security holes that attackers are actively exploiting. On Android phones especially, where manufacturers are sometimes slow to push updates, check Settings > System > Software Update at least once a month. Same for apps -- go to the Play Store or App Store and update everything. Old versions of WhatsApp, Chrome, and banking apps have had serious vulnerabilities that were fixed in later releases. Running an outdated app is like leaving a window open and hoping nobody notices. The update takes five minutes on a decent Wi-Fi connection. The vulnerability it patches could save your family from a breach that takes months to clean up.

Looking Ahead (With Honest Uncertainty)

I'd like to end by saying India is on the right track and things will get better. And maybe they will. The DPDPA, for all its flaws, is a step forward. CERT-In is more active than ever. Awareness is growing, slowly. The generation coming up now -- kids who've had smartphones since age ten -- will probably have stronger digital instincts than their parents.

But I'm not sure that's enough, or that it's happening fast enough. The scammers are getting better faster than the awareness programmes are scaling. AI-generated phishing content is making scam messages more convincing and harder to distinguish from real ones. Deepfake technology is being weaponized for sextortion, political manipulation, and financial fraud. The next wave of threats isn't going to wait for us to finish training the current generation.

What I do know is that every person who learns to spot a phishing link is one less victim. Every parent who talks to their child about cyberbullying is building a slightly safer internet. Every local volunteer who explains UPI scams at a community center is doing work that matters, even if it never shows up in a government report. That's what Safer Internet Day is really about -- not the events and hashtags, but the small acts of teaching and learning that happen when someone cares enough to share what they know with someone who doesn't know it yet. Whether we'll do enough of that, quickly enough, to keep pace with the threats? I genuinely don't know.