Fake Aadhaar, PAN-printing websites use customers’ info for cyber fraud in Uttar Pradesh

The Uttar Pradesh police is investigating a number of such cases

Published - October 09, 2022 05:55 pm IST - Noida:

Image for representation.

Image for representation. | Photo Credit: Sampath Kumar G. P.

Hundreds of fake identity card-printing websites are operating out of Uttar Pradesh and duping people by using their personal information, according to a cyber security research firm.

The websites put out advertisements offering to make physical identity cards like Aadhaar, PAN, and driving licence, and deliver those at the customers’ doorstep at affordable rates, CloudSEK, the Bengaluru-based firm, has claimed.

The personal information of people is used to carry out social engineering attacks, identity thefts, phishing attacks, while it can also be exploited to carry out unauthorised financial transactions and issuing SIM cards illegally, it noted.

A large number of such cyber threat actors mushroomed following the outbreak of the COVID-19 pandemic and are based in western Uttar Pradesh, CloudSEK has found in a new research.

When contacted, Superintendent of Police, Cyber Crime, Uttar Pradesh, Triveni Singh told PTI that his department is aware of complaints of impersonation and already investigating a number of such cases.

“Such matters are being reported from bigger cities, especially those in the National Capital Region (NCR),” he said.

Mr. Singh asked people to report any online offence immediately at the dedicated helpline number 1930 or at cybercrime.gov.in.

Majority of population prefers physical copies to digital ones: Report

Earlier, CloudSEK’s contextual artificial intelligence (AI) risk platform uncovered identity card-printing frauds orchestrated by Uttar Pradesh-based groups as it noted that despite India’s digital revolution, a large swathe of the population still prefers physical copies over digitised versions of documents, especially when it comes to identity cards such as a driving licence, and Aadhaar.

“This need accounts for the existence of corner shops that provide ID-printing services. However, with physical stores shutting down due to the pandemic, many have turned to the internet to avail ID-printing services,” it noted.

Threat actors are jumping on the bandwagon by hosting fake websites and impersonating major Indian firms that claim to deliver hard copies of identity cards. Scores of Indian citizens have fallen prey to this scam, according to CloudSEK.

“The domains impersonate popular Indian brands, including various telecommunication providers, banks, payment wallets, courier services etc. This includes Fino Payments Bank, DTDC, India Post etc. to present themselves as a legitimate business,” the research document stated.

“The threat group employs Google Ads, social network pages and SEO optimisation techniques to distribute and popularise these domains. Victims are duped into sharing their PII (personally identifiable information) and one-time passwords (OTPs) on a KYC portal integrated with popular payment channels,” it added.

The lure of easy money or cheap services prompts unsuspecting users to click on the links and visit malicious websites, which are often promoted using SEO (search engine optimisation) techniques, and on social media platforms such as Facebook, Instagram, Twitter and YouTube.

According to CloudSEK, it has uncovered multiple YouTube videos and channels with many views that were embedded with the links associated with these malicious domains.

“Threat actors can leverage the PII to carry out other social engineering attacks, identity thefts, phishing attacks etc. OTPs can be used to carry out unauthorised transactions from the victims’ bank accounts. Threat actors can register SIM cards in the name of the victims and use those for illegal activities,” it stated.

"Aadhaar card and PAN card details can be used to create fake bank accounts, apply for loans or to carry out other malicious activities," it added.

On safeguard measures, the leading cyber security research firm cautioned people against clicking on suspicious links and advised them to ignore e-mails or messages from unknown sources.

“Enter your ID data only on official government websites (sites with the .gov extension). Be cautious when entering it on any other sites,” it added.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.