CloudSEK, a cybersecurity firm, has uncovered a significant fraud operation in India involving the creation of counterfeit Know Your Customer (KYC) documents. Named ‘PrintSteal’, this operation utilized numerous fraudulent domains that mimicked official government websites. The scammers are believed to have produced over 167,000 fake documents, amassing more than ₹40 lakh in the process. Furthermore, the investigation revealed that these fraudulent documents were generated using personally identifiable information (PII) collected from unsuspecting individuals.
Fraudsters Emulate Official CSCs to Deceive Victims
In an elaborate report detailing the mechanics of the fraudulent scheme, CloudSEK indicated that the perpetrators launched more than 50 websites designed to replicate the government’s Common Services Centres (CSCs). These centres are integral to the country’s e-governance framework. The counterfeit websites employed domain names closely resembling those of the official CSCs.
Dashboard of a print portal utilized by the scammers (tap to expand)
Photo Credit: CloudSEK
The fraudulent actors promoted these deceptive websites through various channels, including social media, search engine optimization, chat applications, and even cybercafés. Visitors to these sites were prompted to provide extensive PII, such as their residential address, phone number, Aadhaar number, photographs, date of birth, PAN card information, along with UPI IDs and bank details.
Due to the resemblance of the counterfeit sites to authentic government portals, many users mistakenly believed they were inputting their data on official platforms. Once users submitted their information, the system produced fake documents mimicking legitimate ones, such as PAN cards, Aadhaar cards, driving licenses, and voter IDs.
Fake documents contain QR codes linking to fraudulent websites (tap to expand)
Photo Credit: CloudSEK
According to CloudSEK, the scammers charged between ₹20 and ₹35 for generating each document. Their accomplices, responsible for distributing these documents, charged customers higher fees to maximize profits. The counterfeit KYC documents even included QR codes that directed users to websites displaying the documents, deceiving them into believing they were interacting with an authentic government site.
During their investigation, the firm uncovered that some of the generated fake KYC documents were stored on cloud services like ImgBB and ImgPile, rather than being deleted. This cloud storage could potentially be exploited to sell the fraudulently created documents.
Screenshot warning associates about ongoing investigations
Photo Credit: CloudSEK
CloudSEK estimates that the fraud operation generated revenue of ₹40 lakh through its network of websites, yielding over 160,000 fake documents. The firm cautioned about the emergence of similar fraudulent websites, noting the existence of over 1,800 domains, of which 600 remain active. These platforms were established using pre-designed templates and external application programming interfaces (APIs).
The fraudulent operation raises significant concerns regarding financial fraud and identity theft, given that these documents are typically issued by the government following a verification process. Additionally, CloudSEK highlighted potential national security risks, as the counterfeit documents could be utilized to obscure identities while perpetrating serious crimes.
To combat this issue, the firm suggested actions including prosecuting key individuals involved, fostering collaboration among various agencies (both national and international), shutting down misleading websites, dismantling local networks, implementing two-factor or biometric authentication for validation, instituting real-time verification, raising public awareness, and leveraging artificial intelligence and machine learning to detect fraudulent activities.
