Deepfake Liveness Bypass Fraud — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Severity: CRITICAL | View Full Scam Details

Deepfake Liveness Bypass Fraud in India 2026: A Critical Cyber Threat to Your Aadhaar and UPI Security

Deepfake Liveness Bypass Fraud is an advanced AI-driven threat rapidly targeting Indian users by tricking biometric systems in banks, UPI apps, and Aadhaar-based services, leading to serious financial loss.

What Is the Deepfake Liveness Bypass Fraud?

Deepfake Liveness Bypass Fraud uses artificial intelligence to deceive biometric security checks that many Indian digital services rely on. These systems typically require "liveness detection" — verifying real-time facial movement or voice commands — to ensure the person authorising transactions or accessing accounts is genuine. Fraudsters employing this scam can create highly realistic fake videos and voice recordings, known as deepfakes, which imitate victims’ faces and voices. These deepfakes are then fed into biometric verification systems, fooling them into accepting the fake user as the legitimate person.

This scam primarily targets users of Aadhaar-based KYC processes, UPI apps like Google Pay or PhonePe, and mobile banking apps that use facial or voice biometrics for authentication. Due to the popularity of biometric logins in India, especially after RBI and UIDAI encouraged digital identity use for streamlined services, this fraud is a growing concern. Though exact numbers are not publicly disclosed, multiple cybercrime complaints received by CERT-In and I4C indicate rising cases, especially in metropolitan cities and digitally active regions.

Official alerts on this scam type emphasise that biometric security is not foolproof against AI-powered deepfakes. CERT-In advises users and service providers to remain vigilant and update liveness detection technology continuously. RBI’s IT department has also issued warnings about evolving digital frauds involving biometric spoofing, urging banks to strengthen multi-factor authentication.

How This Scam Works — Step by Step

1. Initial Contact: Scammers first collect personal details through WhatsApp messages, social media profiles, or phishing calls posing as bank officials, government agents, or customer service representatives. They may lure victims with promises of loans, government subsidies, or urgent account verification.

2. Building Trust: The fraudsters pressure the victim to perform biometric verification on a fake or compromised app, or guide them to use links that request biometric scanning under false pretenses.

3. Gathering Biometric Data: Using the victim’s cooperation, scammers record live video or audio clips through video calls or app prompts. This data is then used to create deepfake videos or voice models.

4. Bypassing Liveness Checks: The AI-generated deepfakes are submitted to biometric systems that rely on liveness detection. Because these systems detect facial movements and voice, the realistic deepfakes trick them into granting access, bypassing real-person checks.

5. Transaction or Account Takeover: Once verification is passed, scammers initiate unauthorized money transfers via UPI or banking apps, change SIM card details, or even access Aadhaar-linked services.

6. Covering Tracks: Victims often receive fake transaction alerts or delayed notifications, reducing their chance to stop transactions or raise timely alarms.

Real Warning Signs to Watch For

• Unexpected calls or WhatsApp messages asking for biometric verification or login on unfamiliar apps.
• Requests to perform facial or voice verification outside official app environments.
• Pressure tactics insisting on urgent completion of verification steps.
• Links or apps shared that do not come from verified bank or government sources.
• Receiving verification OTPs (One-Time Passwords) without initiating any transaction.
• Notifications about SIM card changes or bank details updates without your action.
• Sudden failure in regular biometric login attempts on genuine apps.

What Happens to Victims

Victims often lose significant amounts of money from their bank or UPI-linked accounts, as scammers use deepfakes to bypass even the strictest biometric security measures. Unlike regular frauds, biometric spoofing allows thieves to operate seamlessly without usual red flags, causing delayed detection.

The emotional toll is also heavy. Victims may feel violated knowing their facial and voice identity has been misused. The misuse of Aadhaar-linked data can complicate account recovery due to identity theft or SIM swaps, making banking and government service access difficult.

UPI reversals and bank claim processes may take weeks or longer, during which victims face financial uncertainty. The reported cases to cybercrime authorities and banks show victims struggling to prove their innocence when sophisticated AI was involved.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) regularly issues advisories emphasizing layered security for digital transactions, warning against over-reliance on single-factor biometric authentication without additional safeguards. RBI’s official helpline can assist users facing fraud, available at 1800-112-665 or the banking grievance portal.

CERT-In has highlighted AI-powered frauds as a high-risk area in recent cyber threat reports, advising continuous improvement in biometric liveness detection methods and user awareness campaigns.

India’s Integrated Cyber Crime Coordination Centre (I4C) recommends immediate reporting of suspicious calls, messages, or biometric failures to cybercrime.gov.in and using the national helpline 1930 for cybercrime complaints.

How to Protect Yourself

1. Always verify the source of any biometric verification request — do not respond to unsolicited calls or WhatsApp messages asking for face or voice scans.
2. Use official bank and UPI apps downloaded only from trusted app stores.
3. Never share OTPs, biometric scans, or personal login details with anyone, even if they claim to be officials.
4. Enable additional security layers like PINs, passwords, or device-based authentication alongside biometrics.
5. Regularly check your bank and UPI transaction history for unauthorized activity.
6. Register for mobile alerts on banking transactions and SIM changes through your network operator.
7. Keep your phone’s software and security apps updated to protect against malware targeting biometric data.

What to Do If You've Been Targeted

1. Immediately block your UPI and bank accounts by contacting your bank’s customer service or helpline.
2. Report the fraud at cybercrime.gov.in and call the national cyber crime helpline number 1930.
3. File a police complaint (FIR) at your local cybercrime cell with all details and evidence.
4. Contact your mobile network provider to check for any SIM swap requests and block unauthorized changes.
5. Request Aadhaar locking/unlocking or report misuse through UIDAI’s official channels.
6. Inform RBI’s banking grievance cell if transaction reversals or dispute resolution is needed.
7. Change all related passwords and enable two-factor authentication on all linked services.

Frequently Asked Questions

Q: Can deepfake fraud happen only on phones, or are computers also targets?
Deepfake Liveness Bypass Fraud mainly targets mobile apps and services using biometric authentication, as smartphones are the primary devices for Aadhaar, UPI, and banking in India. However, desktops with biometric devices can also be vulnerable if liveness detection is weak.

Q: How can I verify if a video or voice call is a deepfake?
It’s very difficult for individuals to detect deepfakes just by looking or listening. Be cautious of unexpected requests for biometric use and verify the caller through official bank or government helplines before sharing any personal data.

Q: Are there any banks or UPI apps completely safe from this scam?
No system is 100% safe, but banks and apps that use multiple security factors beyond biometrics reduce risk. RBI’s guidelines encourage multi-layered authentication combining biometrics with PINs, passwords, or device binding to enhance safety.

Always think twice when sharing biometric data, even with what appears to be official sources.

Protect yourself by verifying suspicious messages and calls at BharatSecure.app and report fraud promptly through the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.