What to do if I shared my OTP in a UPI scam?

Immediately contact your bank’s customer service hotline and report the incident. For SBI, dial 1800-11-1109; for HDFC, reach 1800-202-6161. You should also report the scam to the cybercrime helpline at 1930.

How can I identify a deepfake UPI account scam?

Look out for unexpected UPI alerts or transactions associated with an account you didn’t create. If you notice a UPI handle linked to your details without your consent or are receiving messages for transactions that you haven't made, suspect a scam.

How to report this type of scam in India?

You can report any suspicious UPI transactions to your bank's helpline and also escalate the matter by contacting the cybercrime helpline at 1930 or by visiting cybercrime.gov.in.

How to recover money or protect accounts after this scam?

To recover lost money, act quickly by notifying your bank and filing a formal complaint. Ensure to document any evidence. Monitor your accounts closely, change passwords, and consider freezing your accounts to stop further unauthorized access.

Deepfake UPI Account Creation Con

Verdict: Suspicious | Risk Score: 9/10 | Severity: critical

Category: UPI, KYC

How Deepfake UPI Account Creation Con Works

Overview: This scam sees cybercriminals leveraging AI-powered deepfake videos and synthetic identities to create fake UPI accounts in the names of unsuspecting individuals. These accounts are then used for illicit fund transfers, laundering black money, or routing scam proceeds. Victims often realize too late that their identity has been misused, impacting their reputation and financial security. How It Works: Fraudsters mine for leaked Aadhaar, PAN, and other documents, then generate deepfake video KYC clips matching these details. Using banking or UPI onboarding apps, they register new accounts seamlessly. The scammer uses device emulators or remote browser tools for mass account creation in various banks or UPI-enabled wallets, carrying out layered transactions to obscure the money trail. When victims discover these fraudulent UPI IDs, resolving the situation becomes a long, complex process. India Angle: This con is reported widely in metropolitan and rapidly digitizing regions, especially targeting UPI-heavy users. Mumbai, Hyderabad, Bengaluru, and Kolkata are active hotspots. New-to-UPI customers, gig workers, and senior citizens are most affected, given their limited awareness of deepfake tactics. Real Examples: - A Bengaluru freelance designer finds unknown UPI IDs linked to her PAN, used for transactions she never did. - A Lucknow high school teacher receives account debit alerts for a UPI handle never registered by him. Red Flags: - UPI registration alert from a bank you don’t use - SMS about new UPI-linked account or VPA in your name - [NAME_REDACTED]/statement that don’t match your activity Protective Measures: - Validate all your UPI handles through your transaction history - Enable alerts for every UPI account you own - Use UPI PIN only on the official bank app—not third-party sites - Check RBI 'Digital Payments' complaints portal if in doubt If Victimised: - Report instantly on NPCI and your bank helpline - Call 1930 and inform cybercrime.gov.in - Lodge a dispute for every fake transaction Related Scams: - SIM swap UPI registration - Digital wallet hijacking

How This Scam Works — Detailed Explanation

In today's rapidly evolving digital landscape, cybercriminals have turned to advanced technologies to exploit unsuspecting individuals. One of the most alarming schemes currently making headlines in India is the Deepfake UPI Account Creation Con. Fraudsters begin their operation by mining for sensitive personal information that has been leaked, often targeting data from Aadhaar, PAN cards, and other crucial documents. This is frequently facilitated on various online platforms, including social media and dark web forums, where hackers gather these stolen identities. Once they acquire enough information, they proceed to create convincing deepfake videos or synthetic identities that mirror their victims. These deepfakes can be grained from videos or photos available on social media, making the impersonation alarmingly believable.

The tactics employed by these scammers are multifaceted and cunningly psychological. They not only siphon data from crowded places and public databases, but they also use social engineering techniques to build trust with potential victims. By posing as government officials or financial institutions, they often trick people into sharing additional verification through phone calls or messages. For instance, they may contact someone pretending to be from their bank using a spoofed caller ID or even conduct video calls with deepfaked identities that look similar to bank officers. These deceptive actions create a false sense of security, enabling the scammers to gain personal information directly from the victims.

Once the impersonation is successful, the consequences can be devastating for individuals. Victims of the Deepfake UPI Account Creation Con might first become aware of fraudulent activity when they receive UPI alerts for accounts they do not own or unfamiliar debit messages draining their real bank accounts. The criminals then conduct illicit fund transfers through these fake accounts without the victim's consent, routing the money to untraceable points for laundering black money. Cases reported to CERT-In have revealed countless Indian citizens losing their hard-earned money, only to find their reputations damaged due to this identity theft. A recent report indicated that in 2022 alone, approximately ₹1,200 crore was lost due to UPI-related scams, placing immense strain on the victims' financial security and overall wellbeing.

The impact of this scam extends beyond just financial loss; it significantly affects victims' mental health and personal lives. People often face embarrassing situations as their usernames and financial data are misappropriated, impacting their credit scores and relationships. Moreover, law enforcement agencies, including the Ministry of Home Affairs (MHA), are continually working with the Reserve Bank of India (RBI) and CERT-In to address these rising cybercrimes. Awareness campaigns have been initiated, but the velocity at which scammers adapt their strategies means victims must stay vigilant in identifying and reporting potential scams.

Spotting this particular scam against legitimate communications can be daunting. Common red flags include receiving a UPI handle registered under your name without prior consent or seeing debit notifications for transactions you didn’t authorize. Be cautious if unfamiliar transaction history appears in your bank passbook or mismatched UPI-linked Virtual Payment Address (VPA) alerts. At the first hint of suspicious activity, it’s essential to act swiftly and report it to the appropriate authorities to mitigate further damage.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Deepfake UPI Account Creation Con Target?

General public across India

Red Flags — How to Identify Deepfake UPI Account Creation Con

UPI handle registered to your details without consent
Debit messages for accounts you don't own
Unfamiliar transaction history on your passbook
Mismatched UPI-linked VPA alerts

What To Do If You Encounter Deepfake UPI Account Creation Con

Report suspicious activities to the Cyber Crime Helpline at 1930 or cybercrime.gov.in immediately.
Contact your bank’s helpline (SBI: 1800-11-1109, HDFC: 1800-202-6161) to inform them about unauthorized UPI transactions.
Freeze your bank accounts temporarily until you assess the extent of the scam.
Monitor bank statements regularly for any unfamiliar transactions or debit messages.
Change your Aadhaar and bank-related passwords to strengthen your security.
Document all interactions and transactions related to the scam for potential investigations.

How to Report Deepfake UPI Account Creation Con in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: Immediately contact your bank’s customer service hotline and report the incident. For SBI, dial 1800-11-1109; for HDFC, reach 1800-202-6161. You should also report the scam to the cybercrime helpline at 1930.
How can I identify a deepfake UPI account scam?: Look out for unexpected UPI alerts or transactions associated with an account you didn’t create. If you notice a UPI handle linked to your details without your consent or are receiving messages for transactions that you haven't made, suspect a scam.
How to report this type of scam in India?: You can report any suspicious UPI transactions to your bank's helpline and also escalate the matter by contacting the cybercrime helpline at 1930 or by visiting cybercrime.gov.in.
How to recover money or protect accounts after this scam?: To recover lost money, act quickly by notifying your bank and filing a formal complaint. Ensure to document any evidence. Monitor your accounts closely, change passwords, and consider freezing your accounts to stop further unauthorized access.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.