Delhi man loses ₹10.8 lakh in fake KYC scam orchestrated from Jharkhand

In a chilling reminder of the growing menace of cyber fraud, a 49-year-old man from Delhi lost ₹10.8 lakh after falling prey to a fake KYC update scam run by an organized cybercrime racket based in Jharkhand’s Jamtara — a region infamously dubbed India’s phishing capital.

The victim, K C Barthwal, a resident of Palam, approached the South West Delhi cyber police in April after discovering a string of unauthorized transactions on his credit card. The ordeal began on April 5, when he received a call from an individual posing as a representative from his bank’s Mumbai office.

The caller claimed ₹588.82 had been debited from Barthwal’s card and offered assistance to block it — on the condition that he updated his KYC via a link sent on WhatsApp.

Believing the call to be genuine, Barthwal clicked the link and unwittingly handed over his credit card details, including the card number, CVV, expiry date, and one-time passwords (OTPs). Over the next three days, the fraudsters used this information to siphon ₹10.8 lakh through a series of transactions.

According to DCP (South West) Amit Goel, the police tracked the digital footprint of the scammers to Karmatar in Jamtara, Jharkhand—known for its entrenched cybercrime networks. “The accused created a phishing ecosystem that replicated the look and feel of official bank portals. They even used a malicious mobile application disguised as ‘Customer Support’ to intercept OTPs and access internet banking in real time,” Goel revealed.

Following a two-day operation involving technical surveillance and undercover work, Delhi Police arrested Mujaffar Jilani and Aftab Ansari from Jamtara. Their interrogation led to the arrest of the third accused, Mohammad Iqbal Raza.

Police investigations uncovered a layered modus operandi: the gang used spoofed calls to gain the victim's trust, fake KYC links to steal credentials, and an APK file to hijack mobile communications. The stolen money was laundered via gaming platforms and e-wallets including A23 Gaming, Classic Rummy, Mobikwik, and Umpire First Gaming, before being withdrawn using fake SIM cards and mule accounts.

Authorities recovered five smartphones, six SIM cards, and a debit card linked to the crime. The trio has also been connected to multiple cyber fraud complaints logged on the National Cybercrime Reporting Portal.

Cybercrime units across states have now been alerted to the gang’s elaborate laundering chain, with digital wallets and gaming apps coming under renewed scrutiny for their role in facilitating anonymous money movement.

As digital banking becomes the norm, officials reiterated the need for public awareness and vigilance. “No bank will ever ask for KYC updates via unsolicited links or calls. Always verify the source before sharing any information,” Goel cautioned.