AI deepfake fraud bypasses Aadhaar, OTP safeguards in ₹25,000 loan scam

A sophisticated cyber fraud case in Ahmedabad has exposed alarming vulnerabilities in digital identity systems, with a gang allegedly using artificial intelligence to bypass Aadhaar verification and execute a ₹25,000 fraudulent loan — without triggering OTP alerts.

The fraud surfaced on April 30 after a city-based businessman, engaged in import-export, noticed he had not received any OTPs from his bank for two days. Sensing irregularities, he approached the police—uncovering a complex identity breach.

The Ahmedabad Police Cyber Crime Branch arrested four accused — Kanubhai Parmar, Ashish Vanand, Mohammad Kaif Patel and Deep Gupta — who allegedly deployed AI tools, including Google Gemini, to create deepfake videos of the victim and circumvent biometric authentication linked to Aadhaar.

Investigators found that the mobile number linked to the victim’s Aadhaar had been altered without OTP verification, effectively diverting all alerts to numbers controlled by the accused. The gang also tampered with biometric data, enabling seamless authentication bypass.

Using the stolen identity, the accused attempted to open accounts across three banks via e-KYC, ultimately succeeding with Jio Payments Bank, through which they secured a ₹25,000 loan. They also accessed the victim’s DigiLocker account to retrieve sensitive documents.

Police said one of the accused, employed at a Common Service Centre, misused authorized access to Aadhaar systems and official kits to execute the mobile number change — highlighting insider vulnerability as a critical weak point.

Officials described the method as unusually sophisticated, combining AI-generated deepfakes with system-level manipulation to evade standard safeguards like OTP-based verification.

The incident comes days after Nirmala Sitharaman chaired a high-level meeting with top banking officials to assess emerging cybersecurity risks posed by rapidly advancing AI systems. Concerns discussed included threats linked to models such as Claude Mythos, which has recently drawn scrutiny over potential misuse and unauthorized access.

As AI capabilities evolve, the case underscores a growing challenge: traditional digital safeguards — once considered robust — are now being tested by increasingly intelligent and adaptive fraud techniques.