According to a cybersecurity research firm, hundreds of fake ID card printing websites operate in Uttar Pradesh and trick people into using their personal data.
The websites run advertisements offering the generation of physical ID cards such as Aadhaar, PAN, driver’s license, etc. And to deliver them to customers’ doors at affordable rates, the Bengaluru-based company CloudSec said.
People’s personal information is used to carry out social engineering attacks, identity theft, phishing attacks, while it can also be used to carry out unauthorized financial transactions and illegally issue SIM cards.
New research from CloudSec has revealed that large numbers of these cyber threat actors have increased since the outbreak of the COVID-19 pandemic and are located in western Uttar Pradesh.
When contacted, Uttar Pradesh superintendent of police for cybercrime Triveni Singh told PTI that his department had received identity theft complaints and was already investigating several of these cases.
“Such cases come from large cities, particularly in the National Capital Region (NCR),” he said.
Shri Singh asked people to immediately report any online crime to the dedicated helpline number 1930 or cybercrime.gov.in.
Earlier, CloudSec’s Contextual Artificial Intelligence (AI) Vulnerability Platform uncovered identity card printing frauds orchestrated by Uttar Pradesh-based groups, as it observed that, despite the digital revolution in India, much of the population still remain vulnerable to documents. It prefers physical copies over corporate digital versions, especially when it comes to identity documents like driver’s license, aadhaar, etc.
“This requires reporting of the existence of convenience stores that provide ID printing services. However, with brick-and-mortar stores closing due to the pandemic, many have turned to the Internet for ID printing services. is, “she noted.
Threat actors are jumping on the bandwagon by hosting fake websites and impersonating large Indian companies that claim to provide paper copies of ID cards. According to CloudSEK, millions of Indian citizens have fallen victim to this scam.
The research paper states: “The domain mimics popular Indian brands including various telecom providers, banks, payment wallets, email services, etc. This includes Fino Payments Bank, DTDC, India Post, etc., which are themselves a legitimate business entity present as it is.
“The threat group uses Google advertising, social media pages and SEO optimization techniques to distribute and popularize these domains. Victims are required to provide their Personally Identifiable Information (PII) and forest information on a KYC portal integrated with popular One Time Password (OTP) payments is tricked into sharing the channel, “he added.
The lure of easy money or cheap services tricks unsuspecting users into clicking links and visiting malicious websites, often using SEO (search engine optimization) techniques and platforms. social media such as Facebook, Instagram, Twitter and YouTube. is promoted.
According to CloudSEK, it exposed multiple YouTube videos and channels with multiple views that were embedded with links related to these malicious domains.
“Threats can leverage PII to conduct other social engineering attacks, identity theft, phishing attacks, etc. OTPs can be used to carry out unauthorized transactions from victims’ bank accounts. The threat actors’ SIM cards can be registered in the name of the victims and used for illegal activities, ”she said.
Aadhar card and PAN card details can be used to create fake bank accounts, apply for loans, or perform other malicious activities.
As for security measures, the leading cybersecurity research firm has warned people against clicking on suspicious links and advised them to ignore emails or messages from unknown sources.
“Enter your credentials only on official government websites (sites with the .gov extension). Be careful when posting it on another site, “she added.
(Except for the title, this story was not edited by the NDTV staff and is posted by a syndicated feed.)