Camera Injection Attack on Live Selfie KYC

How Camera Injection Attack on Live Selfie KYC Works

Overview: A new scam trend sees fraudsters using 'camera injection'—feeding pre-recorded deepfake or synthetic video into the camera stream during a live selfie check. This defeats the purpose of real-time video KYC, as the bank or app is shown fabricated facial movements, not an actual person. The risk is the approval of fraudulent accounts or loans in your name. How It Works: 1. Scammer creates a realistic prerecorded deepfake or AI-faced video. 2. They access the bank or fintech’s KYC selfie page. 3. Instead of using a real camera, they inject the fake video stream into the verification app using virtual camera tools. 4. The system accepts the fake liveness check. 5. Account or loan is opened, linking it to your real or fabricated details. India Angle: This advanced scam is seen in both high-value banking (Mumbai, Delhi) and fast digital onboarding by smaller banks or UPI wallets. It may also exploit overworked customer service points in tier-2 towns, where manual KYC review is rare. Anyone who provides KYC selfies on demand is at risk. Real

How This Scam Works — Detailed Explanation

In India, scammers are increasingly preying on individuals trying to complete their Know Your Customer (KYC) requirements through video calls. Using popular platforms like WhatsApp or even directly through banking apps, these scammers often present themselves as bank officials guiding victims through KYC for services like UPI transactions or loan approvals. They may start with a casual conversation, establishing trust and making the potential victim feel at ease, before leading them down the path of using their camera for verification purposes. Many unsuspecting individuals, particularly the elderly or those less savvy with technology, may be prompted convincingly to perform KYC verification entirely via video call with these scammers.

Once they have secured a connection, the scammers employ a tactic that combines psychological manipulation with advanced technology. Knowing that the verification process often requires a live video selfie, they may suggest that the verification needs to be as seamless as possible. Their conversation might revolve around urgency—claiming that without immediate verification, certain banking privileges might be blocked. To maintain the trust they’ve built, they might also mention the standard procedures or guidelines put forth by the RBI to authenticate the need for such verification. In reality, unbeknownst to the victim, they have prepared a pre-recorded deepfake video that replicates their face and mannerisms convincingly, diverting blame onto the system for any unusual activity that may occur later.

Victims of this scam find themselves unwittingly playing a central role in a cycle of fraud. After bemusedly watching the live input of a synthetic version of themselves during KYC, victims often feel confident that all is legitimate. The scammer will remotely record the data and complete the KYC process quickly, leading to the creation of fraudulent accounts using the compromised identity. For example, if a victim has a bank account at State Bank of India, the scammer can take out loans or make transactions using that identity on UPI, wreaking havoc on the individual's finances and credit score. A notable case involved a victim from Maharashtra whose details were misused, leading to a fraud amount of ₹25 lakh, only discovered when they started receiving loan recovery calls from a bank they never applied to.

The impact of these scams is staggering. As reported by various news sources and law enforcement, scams involving camera injection attacks, while still emerging, have led to losses running into crore amounts across the country. The Ministry of Home Affairs (MHA) has noted a spike in such fraudulent activities. Even with advisories issued by the Reserve Bank of India (RBI) and the Cyber Security Agency (CERT-In), many remain unaware of the risks associated with unverified KYC processes. This year alone, over ₹50 crores were reported lost across various scams connected to fake accounts and UPI frauds. It becomes essential for users to recognize that while new technologies can empower our financial lives, they can equally be weaponized by the malicious to bring chaos and financial destruction.

To effectively spot this versus legitimate communications, users must practice due diligence. If approached for UPI KYC verification via video, genuine bank representatives will usually send official emails or texts before a video meeting and will never rush you into making hasty decisions. Always ensure the communication is initiated from known official contact points, rather than responding to unsolicited messages or calls. Any sense of urgency should act as a warning flag that something may not be right, and users should instead verify by contacting their bank or financial institution directly through official channels identified on their respective websites.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Camera Injection Attack on Live Selfie KYC Target?

General public across India

What To Do If You Encounter Camera Injection Attack on Live Selfie KYC

1. Report the incident immediately at 1930 or visit cybercrime.gov.in for online reporting.
2. Call your bank's helpline (e.g., SBI 1800-11-1109, HDFC 1800-202-6161) to block any potential fraudulent transactions.
3. Change your Aadhaar and UPI linked passwords immediately to secure your financial accounts.
4. Collect all information related to the scam and prepare to file a police report if necessary.
5. Monitor your bank and UPI transaction history regularly for any unauthorized transactions.
6. Educate family and friends about this scam to prevent them from becoming victims.

How to Report Camera Injection Attack on Live Selfie KYC in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my Aadhaar during a video call scam?

Contact your bank immediately to secure your account and report any fraudulent activity. You can also freeze your Aadhaar number by visiting uidai.gov.in for additional security.

How can I identify a camera injection attack during KYC?

Look for signs like poor video quality, lag, or inconsistencies during the call. If the representative rushes you or fails to answer your questions convincingly, consider it a red flag.

How do I report a camera injection scam in India?

Report the incident at 1930 or visit cybercrime.gov.in to submit your complaint. Additionally, notify your bank's fraud department immediately.

Can I recover my lost money after falling for this scam?

Recovery can be difficult but contact your bank for detailed actions and possible recovery pathways. Gather all evidence of the scam for further investigation.

Related Scams in India

• 'PrintSteal' Operation - Fake KYC Document Generation
• AI Deepfake Executive Authorization Scam
• AI Voice Clone Urgent Money Transfer Scam (General)
• AI Voice Cloning Emergency Scam (Familiar Person)
• AI Voice Cloning Scams

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.