Clustered Deepfake KYC for Mass Account Creation

INDIA — By BharatSecure Threat Intelligence Team

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: KYC, Loan App

How Clustered Deepfake KYC for Mass Account Creation Works

Overview: This sophisticated scam involves organized gangs using deepfake videos and synthetic identities to create dozens or even hundreds of bank and wallet accounts in a short span. These fraudulent accounts are then used for laundering money, cheating loan apps, and circulating illegal funds. Banks and fintechs face heavy losses, while everyday citizens may see their ID details misused or wrongly implicated.

How It Works:

  1. Scammers generate a batch of fake identities, often blending real and synthetic user data.
  2. Deepfake selfie or video is created for each fake identity, tailored to KYC requirements.
  3. Automated scripts or low-wage operators submit these KYC applications in clusters, often from the same device/IP address.
  4. Accounts are approved and immediately used for transactions, loans, or illicit money transfers before detection.

India Angle: This campaign targets Indian digital lending, wallet services, and emerging banks—especially those with aggressive customer onboarding goals. Incidents have been traced to hotspots in urban clusters like NCR, Mumbai, and Bengaluru, but rural digital outreach schemes have been exploited too. Youth and first-time customers are easy targets.

Real Examples:

  • Notifications: "Account created successfully."
  • "Sorry, we cannot process your transaction due to suspicious activity on your wallet."

Red Flags:

  1. Multiple new accounts with very similar customer details or behaviors.
  2. Short KYC histories and minimal supporting documentation.
  3. Series of rapid KYC failures, then several sudden approvals.
  4. Bank notices about 'suspicious' activity tied to your details.

Protective Measures:

  • Do not share copies of your IDs on unofficial groups or public forums.
  • Regularly check reports from credit bureaus to spot unknown accounts.
  • Inform your bank if you notice new accounts or wallets in your name.
  • Use multi-factor authentication wherever possible.

If Victimised:

  • Reach out via 1930 and inform your bank’s fraud team immediately.
  • File a cyber complaint on cybercrime.gov.in detailing account misuse.
  • Place a freeze on suspicious accounts/loans through credit bureaus.

Related Scams:

  • Digital lending app frauds
  • Mass SIM activation using fake eKYC
  • Payment wallet mule account rings
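For onboarding and fraud teams, the clustering signals in the overview (many applications from one device/IP address, and a run of KYC failures followed by sudden approvals) can be checked directly against submission logs. The sketch below is an added example, not BharatSecure's own tooling; the event fields, the one-hour window and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample KYC submission events (not real data):
# (timestamp, device_id, ip, applicant_id, result)
EVENTS = [
    ("2024-05-01T10:00:00", "dev-A", "203.0.113.7", "app-001", "fail"),
    ("2024-05-01T10:02:00", "dev-A", "203.0.113.7", "app-002", "fail"),
    ("2024-05-01T10:05:00", "dev-A", "203.0.113.7", "app-003", "fail"),
    ("2024-05-01T10:09:00", "dev-A", "203.0.113.7", "app-004", "pass"),
    ("2024-05-01T10:11:00", "dev-A", "203.0.113.7", "app-005", "pass"),
    ("2024-05-01T10:14:00", "dev-A", "203.0.113.7", "app-006", "pass"),
    ("2024-05-01T09:00:00", "dev-B", "198.51.100.20", "app-100", "fail"),
    ("2024-05-01T09:03:00", "dev-B", "198.51.100.20", "app-100", "pass"),
    ("2024-05-01T15:00:00", "dev-C", "198.51.100.21", "app-200", "pass"),
]

def find_clusters(events, window=timedelta(hours=1), min_applicants=4):
    """Flag devices/IPs submitting KYC for many distinct applicants in one window."""
    by_source = defaultdict(list)
    for ts, device, ip, applicant, result in events:
        row = (datetime.fromisoformat(ts), applicant, result)
        by_source[("device", device)].append(row)
        by_source[("ip", ip)].append(row)

    alerts = []
    for source, rows in sorted(by_source.items()):
        rows.sort()
        best, start = [], 0
        for end in range(len(rows)):  # sliding time window over this source
            while rows[end][0] - rows[start][0] > window:
                start += 1
            burst = rows[start:end + 1]
            if len({a for _, a, _ in burst}) > len({a for _, a, _ in best}):
                best = burst
        applicants = {a for _, a, _ in best}
        if len(applicants) < min_applicants:  # assumed threshold, tune per platform
            continue
        results = [r for _, _, r in best]
        # Red flag 3: at least two failures before the first approval, then 2+ approvals.
        lead_fails = results.index("pass") if "pass" in results else len(results)
        fail_then_pass = lead_fails >= 2 and results.count("pass") >= 2
        alerts.append({"source": source, "applicants": len(applicants),
                       "fail_then_pass": fail_then_pass})
    return alerts
```

A retry by the same applicant (dev-B above) does not raise an alert, because the count is over distinct applicants rather than raw submissions.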

How This Scam Works — Detailed Explanation

The Clustered Deepfake KYC for Mass Account Creation scam is a sophisticated scheme that has been gaining traction in India, primarily targeting the rapidly growing digital banking ecosystem. Scammers often set up seemingly legitimate platforms, such as fake lending apps or e-wallet services, to lure unsuspecting citizens into completing KYC processes that are, in fact, designed for fraud. They use social media channels like WhatsApp or Instagram, often impersonating trusted brands or their representatives, to reach out to potential victims and request personal details under the guise of regulatory compliance. They create a sense of urgency, stating that failure to verify one's identity could lead to account suspension or loss of service.

To manipulate victims psychologically, these scammers employ various tactics such as fake testimonials, urgency messaging, and trust-building strategies. They may present deepfake videos that appear to be customer service representatives, reinforcing authenticity and convincing individuals that they are indeed speaking to a verified authority. Often, these scammers will then request sensitive information, such as Aadhaar numbers, bank account details, or a one-time password (OTP), purporting that it is necessary to complete the KYC process. This fosters vulnerability, as many victims feel pressured to comply swiftly to avoid losing access to their funds or service benefits.

Once scammers obtain the victims' details, they don’t stop at simply establishing a few accounts. They take a systematic approach, using the acquired identity details to create multiple bank and wallet accounts across various platforms like Paytm and Google Pay. In one reported case, an individual found their Aadhaar number linked to 57 fake accounts, which were then used to facilitate money laundering. These accounts often exhibit a sudden flurry of transaction activity, leading to unexpected losses for financial institutions and creating complications for the innocent individuals whose credentials were compromised. This is especially alarming in an era of digital payments, such as with Unified Payments Interface (UPI), where identification and transaction monitoring are crucial for safety.

The financial ramifications of this scam are significant. In the last year alone, reports indicated that Indian banks and fintech companies have lost over ₹1,000 crore due to fraudulent activities, many stemming from this kind of deepfake scam. The Ministry of Home Affairs (MHA), the Reserve Bank of India (RBI), and the Computer Emergency Response Team (CERT-In) have all issued advisories highlighting the rise of such scams. As a result, the government is increasing enforcement and public awareness campaigns aimed at educating citizens about the dangers of sharing personal information with unsolicited requests. Citizens need to recognize the scale of these activities and the potential consequences of their ID misuse not just on financial institutions, but also on their own financial health.

To effectively identify such scams, it's important to watch for specific red flags in communications. Legitimate entities rarely ask for such sensitive information via unverified communications. If you notice multiple unfamiliar accounts linked to your Aadhaar or receive sudden notifications of new financial accounts without consent, these may be indicators of fraudulent activity. Furthermore, verify that any KYC processes are happening through official channels and check for complete digital KYC histories rather than abrupt changes or missing data, which often signal a breach of trust. Always be skeptical of transactional anomalies, such as unexpected transfers, as they may indicate that your identity and financial data have been compromised.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Clustered Deepfake KYC for Mass Account Creation Target?

General public across India

Red Flags — How to Identify Clustered Deepfake KYC for Mass Account Creation

  • Multiple unfamiliar accounts tied to your ID
  • Sudden surge in bank or wallet registrations
  • Detection of transaction anomalies
  • Short or patchy digital KYC histories

What To Do If You Encounter Clustered Deepfake KYC for Mass Account Creation

  1. Report suspicious activities related to your KYC at 1930 or visit cybercrime.gov.in for guidance.
  2. Contact your bank's customer service immediately to inquire about any unfamiliar accounts associated with your ID.
  3. Alert your financial institution if you notice unauthorized transactions, providing them with all necessary details.
  4. Change your passwords for banking and payment apps, and enable two-factor authentication wherever possible.
  5. Monitor your bank statements and digital transaction histories regularly to catch any irregularities.
  6. Be cautious with unsolicited requests for personal information or KYC processes from unknown sources.

How to Report Clustered Deepfake KYC for Mass Account Creation in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a KYC scam?
Immediately contact your bank's customer service helpline, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161. Change your account passwords and report the incident on cybercrime.gov.in.
How can I identify this specific scam?
Look out for any requests for personal information such as Aadhaar numbers tied to new account registrations you didn't initiate, coupled with sudden transactions in your account.
How do I report this type of scam in India?
You can report scams to the cybercrime helpline at 1930, file a report at cybercrime.gov.in, and also inform your bank about any fraudulent transactions.
What are the recovery steps if I'm a victim of this scam?
Contact your bank to freeze any compromised accounts and dispute fraudulent transactions. Report the issue to the cybercrime helpline and follow their guidance for further recovery options.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.