Synthetic Identity with Deepfake KYC Fraud — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Severity: HIGH | View Full Scam Details

Synthetic Identity with Deepfake KYC Fraud in India 2026: A Rising UPI & WhatsApp Threat

The Synthetic Identity with Deepfake KYC Fraud is an alarming new cybercrime in India that exploits advanced fake identity creation and video technologies to bypass security checks and steal money using UPI and WhatsApp.

What Is the Synthetic Identity with Deepfake KYC Fraud?

This fraud involves scammers creating synthetic identities — fake profiles that combine real, stolen, and fabricated personal details — to impersonate legitimate users during KYC (Know Your Customer) verification. They then use deepfake technology to generate realistic video or voice recordings mimicking a genuine person, fooling KYC systems that rely on biometric or live verification.

In the Indian context, this scam targets digital payment users, especially those on UPI apps and WhatsApp Pay, where quick onboarding and relatively simple KYC processes exist. Fraudsters try to open new bank accounts or wallets under these synthetic identities, enabling money laundering or unauthorized transactions. Cases reported to law enforcement and cybercrime cells show this scam is growing rapidly in urban and semi-urban areas where internet penetration and digital payments are rising.

The Reserve Bank of India (RBI) and CERT-In (Indian Computer Emergency Response Team) have issued warnings about misuse of biometric and KYC data in synthetic identity frauds, urging financial institutions to strengthen multi-factor authentication and detection systems. India’s Inter-Agency Centre for Cyber Crime Coordination (I4C) is also tracking such emerging threats.

How This Scam Works — Step by Step

1. Data Gathering: Scammers collect bits of real personal information such as partial Aadhaar numbers, PAN details, phone numbers (e.g., 98XXXXXX12), and photos leaked from data breaches or social media.

2. Synthetic Profile Creation: Using this data, they create a synthetic identity profile with a matching phone number and UPI ID (e.g., us**@bank).

3. Deepfake Video Generation: Fraudsters produce a deepfake video or voice recording impersonating the victim or a fictitious person with realistic facial expressions and speech, mimicking live KYC verification.

4. KYC Submission: The fake video and synthetic documents are submitted to digital wallets or banks to pass KYC and open an account.

5. WhatsApp Contact: The victim or others may receive WhatsApp messages from scammers posing as bank officials or UPI app support, offering "help" or "verification" steps.

6. Money Transfer Requests: Using the synthetic identity’s account, fraudsters request money transfers through UPI or ask contacts to send money back under false pretenses such as "refunds" or "verification transfers."

7. Account Abuses & SIM Swaps: Sometimes, SIM swap attacks complement the fraud to get OTPs, enabling scammers to transfer money out immediately.

8. Victim’s Loss: Victims often realize only after unauthorized debits or money transfers appear, with limited chances of recovery due to the sophisticated use of deepfake verification.

Real Warning Signs to Watch For

• Unexpected WhatsApp messages claiming to be bank or UPI app support asking for personal or OTP details.
• Video calls requesting live facial verification that seem "off" or robotic in expressions.
• Verification links sent via SMS or WhatsApp asking you to upload Aadhaar or PAN details urgently.
• Notifications of KYC or account activations you did not initiate.
• Calls warning of sudden deactivation of your UPI or wallet account, pressuring you to verify immediately.
• Requests for transferring money to "test" refund accounts or unknown UPI IDs.
• News or alerts from RBI, CERT-In, or your bank about deepfake or synthetic identity fraud risks.

What Happens to Victims

Victims may suffer financial loss as money gets siphoned off from their linked bank accounts or UPI wallets without their consent. Because synthetic identities can bypass KYC filters, fraudsters often open multiple accounts, complicating tracking and reversal.

Emotionally, victims feel helpless as their personal identity might be misused online, leading to prolonged harassment or harassment potential for blackmail. The Aadhaar linkage in many cases raises concerns about misuse of biometric data. Victims caught in SIM swap fraud lose control over their mobile numbers, which directly impacts OTP-based transaction security.

UPI reversals for fraudulent transactions are difficult, as payment apps follow RBI’s mandate to block chargebacks except for certified technical failures, making recovery challenging if prompt reporting is missed.

What RBI and CERT-In Say

The RBI has emphasized stringent authentication methods for digital payments and cautioned banks and payment service providers to prevent KYC fraud using advanced biometrics and ongoing monitoring. The central bank’s recent circulars highlight risks posed by synthetic identities and advise enhanced scrutiny for new account openings.

CERT-In has issued advisories warning users about deepfake technology’s potential misuse, urging vigilance when sharing personal data online and caution in video-based KYC processes. They recommend reporting suspicious calls or messages immediately to cybercrime police and using official channels only.

The Indian cybercrime helpline 1930 assists victims in reporting such frauds, providing timely response and guidance. RBI’s customer helpline for banking scams also remains available for complaint and inquiry.

How to Protect Yourself

1. Never share OTPs, PINs, or biometric info over calls or WhatsApp messages, even if the caller claims to be from your bank or payment app.
2. Verify all WhatsApp messages claiming to be from financial institutions independently using official numbers.
3. Avoid clicking on links sent via WhatsApp or SMS for KYC or payment verification unless initiated by you and confirmed officially.
4. Regularly update your UPI app and mobile operating system to benefit from enhanced security patches.
5. Report instantly to your bank and mobile operator if you suspect a SIM swap or unauthorized access.
6. Use multi-factor authentication methods that include hardware tokens or app-based OTP generators where possible.
7. Monitor your bank and UPI transaction history frequently for unknown debits and report discrepancies without delay.

What to Do If You've Been Targeted

• Immediately call your bank’s customer care and request a freeze on your accounts linked to UPI or wallets.
• File a complaint on the National Cyber Crime Reporting Portal at cybercrime.gov.in with all transaction details, messages, and call logs.
• Report the incident to the 1930 cybercrime helpline to get assistance and escalate the matter.
• Inform your mobile service provider if you suspect SIM swap or number hijack.
• Consider changing your registered Aadhaar-linked mobile number or linking it to OTP alternatives if vulnerabilities persist.
• Inform RBI through their grievance redressal mechanisms if you face resistance from your bank or wallet provider.
• Keep detailed records of all communication and follow up regularly with police or cybercrime authorities.

Frequently Asked Questions

What is synthetic identity fraud with deepfake KYC?
It is when fraudsters create fake identities using a mix of stolen and fabricated information, then use AI-generated deepfake videos or voices to pass biometric KYC checks and open digital accounts fraudulently.

Can UPI transactions be reversed if done through synthetic identity fraud?
UPI reversals are rare except for technical failures. Victims should report fraud at the earliest to banks and cybercrime authorities, though recovering lost money can be difficult once confirmed.

How can deepfake technology fool KYC verification?
Deepfakes create highly realistic videos or audio of a person that appear live, tricking facial recognition or voice biometric systems used during KYC into approving fake identities.

Stay vigilant and double-check suspicious messages by visiting BharatSecure.app — India’s trusted platform for verifying digital frauds. If you suspect fraud, don't hesitate to report it at the 1930 cybercrime helpline immediately.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.