Deepfake Liveness Bypass Scam in Bank Onboarding — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Severity: CRITICAL | View Full Scam Details

Deepfake Liveness Bypass Scam in Bank Onboarding India 2026: A Critical UPI & WhatsApp Threat

New reports show that fraudsters in India are using deepfake technology to bypass bank KYC checks during onboarding, risking your UPI and Aadhaar-linked accounts.

What Is the Deepfake Liveness Bypass Scam in Bank Onboarding?

The deepfake liveness bypass scam is a high-tech fraud targeting new bank customers during their digital onboarding process. Banks in India often use video-based KYC (Know Your Customer) verification with “liveness detection” — a security measure that confirms a live person is on camera, preventing identity theft using photos or videos. However, cybercriminals have started using deepfake videos (AI-generated fake videos that look very real) to trick these liveness tests and impersonate legitimate customers.

This scam mainly affects individuals opening bank accounts or payment wallets linked to Aadhaar and UPI (Unified Payments Interface). Fraudsters allegedly upload deepfake videos that simulate the victim’s face and head movements, bypassing biometric checks without the victim’s knowledge. Once authenticated, these criminals can link bank or UPI accounts to their devices or apps, potentially accessing funds, stealing personal data, or opening fraudulent loans.

While not yet mass-scale, cases reported to police and CERT-In (India’s national cybersecurity agency) have risen sharply in 2025-26. Authorities warn this scam threatens India’s push for digital financial inclusion but has critical risks for exposed individuals.

How This Scam Works — Step by Step

1. Initial Contact Through WhatsApp or Phone Call: Victims receive a message or a call, often claiming to be from a bank or an official financial service, offering help to open a new account or upgrade existing KYC for better UPI/loan facilities.

2. Fake KYC Link or App Shared: The suspect sends a link to a fake customer onboarding portal or a malicious app that mimics the bank’s real interface. Victims enter personal details including Aadhaar numbers, PAN, and mobile number.

3. Deepfake Video Request: The site/app prompts the victim for a “liveness check,” requesting a short video or live selfie. Unbeknownst to the victim, the fraudsters use AI deepfake tools to generate a realistic video of the victim’s face, simulating head movements and blinking to fool liveness detection.

4. Successful Biometric Bypass: The hacked liveness system confirms the deepfake video as authentic. The fraudsters exploit this approval to complete KYC and link the victim’s Aadhaar with new virtual UPI IDs or wallet accounts.

5. Unauthorized Transactions and SIM Swapping: Using the newly onboarded account, fraudsters initiate UPI payments or loans. They may also perform a SIM swap by convincing mobile operators to transfer the victim’s number to a new SIM, gaining control of OTPs and financial alerts.

6. Victim Notices Loss: Transactions or loan dues appear suddenly, leaving victims financially drained and struggling to reclaim control.

Real Warning Signs to Watch For

• Receiving unsolicited WhatsApp messages or calls asking for sensitive info to “upgrade” bank or payment accounts
• Links or apps that look like official bank portals but have odd URLs or spelling mistakes
• Requests to share live videos or selfies outside official banking apps
• Being asked to download little-known apps for KYC without proper bank authentication
• Unexpected SMS or calls about UPI payments or loans you did not initiate
• Alerts about SIM changes you didn’t request
• Pressure to provide Aadhaar or PAN details quickly over phone or chat

What Happens to Victims

Victims often suffer severe financial losses in thousands or lakhs of INR, with stolen funds channelled through multiple UPI IDs or wallets that are difficult to trace. Complaints reported to cybercrime cells mention challenges reversing such UPI transactions, especially when linked to fraudulent KYC. Aadhaar misuse can also lead to identity theft beyond banking, affecting credit scores and access to government benefits.

Emotionally, victims face distress, anxiety, and a prolonged fight to prove innocence to banks and law enforcement. This scam’s use of advanced AI makes victims doubt their own digital identity, complicating recovery.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has issued multiple advisories emphasizing enhanced vigilance around digital onboarding and stringent biometric authentication. While RBI currently mandates multi-factor checks for KYC, it warns financial institutions about the growing risk of synthetic identity fraud using AI.

CERT-In has highlighted the threat of deepfakes and synthetic media in recent cybersecurity alerts, urging banks and payment platforms to invest in advanced AI detection and educate users about verification protocols.

For assistance or to report cyber fraud, victims can call the government’s 1930 cybercrime helpline or reach out to RBI’s customer helpline numbers. The Integrated Financial Crime and Cybercrime Coordination Centre (I4C) also supports coordination between agencies tackling such scams.

How to Protect Yourself

1. Only use official bank apps or websites for onboarding; verify URLs carefully
2. Never share Aadhaar, PAN, or OTPs on messages or calls unless you initiated the request
3. Avoid submitting selfies or videos on third-party apps or links from unknown sources
4. Enable transaction alerts and regularly check UPI-linked apps for unauthorized activity
5. Register mobile numbers with Aadhaar carefully and monitor for SIM swap alerts
6. Use biometric verification only on trusted platforms that comply with RBI KYC guidelines
7. Report suspicious calls or messages immediately to your bank and cybercrime helpline

What to Do If You’ve Been Targeted

1. Immediately block or freeze your bank and UPI accounts through your bank’s official channels
2. Change passwords and deactivate any suspicious payment wallets linked to your Aadhaar or mobile number
3. File a complaint with your local police cybercrime cell and report on cybercrime.gov.in
4. Call the 1930 National Cybercrime Helpline for guidance and support
5. Inform your mobile operator about suspected SIM swap and secure your mobile number
6. Alert your bank’s fraud department with detailed transaction history and KYC concerns
7. Consider placing a fraud alert or credit freeze with credit bureaus to prevent misuse

Frequently Asked Questions

Q: How can deepfake video bypass liveness detection in bank KYC?
A: Deepfake technology uses AI to create realistic videos mimicking a person’s face and movements. Fraudsters employ these videos during video KYC to fool biometric systems into thinking it is a live person, bypassing anti-spoofing checks.

Q: Can I recover money lost due to this scam through UPI grievance procedures?
A: Recovery is difficult because onboarding was fraudulently completed, leading to money being transferred out of your control. However, promptly reporting to your bank and cybercrime authorities improves chances for refunds or reversals.

Q: How do I know if my Aadhaar or mobile number has been compromised in this scam?
A: Watch for unexpected OTPs, loan notices, new UPI IDs linked to your Aadhaar, or SMS about SIM swap without your consent. You can check your Aadhaar authentication history through official UIDAI services.

Protect yourself by verifying suspicious calls or messages at BharatSecure.app and report fraud early at the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.