The traditional methods of exploiting a One-time password (OTP) and making fraudulent phone calls to take someone’s hard-earned money have given way to new forms of cyber fraud. A person’s account was defrauded in a cyber-fraud case that surfaced in the Purnia district of Bihar without the use of an OTP, a phone call or any other conventional tactics that the public and police are aware of.
In this case, the cybercriminals used the Aadhaar biometrics data of the victim obtained from govt land records to make transactions using the Aadhaar Enabled Payment System. Bihar police revealed the unique scam in a press conference, the video of which was shared by Haryana IPS officer Pankaj Jain on X (Twitter).
No OTP,
— Pankaj Nain IPS (@ipspankajnain) July 11, 2024
No phone call,
No clue,
But money was stolen from the bank account…
(with the help of Registry papers)
Case is of Purnia Bihar . #CyberFraud pic.twitter.com/jeVGqhMWmV
Explaining the modus operanding of the scam, the Bihar Police said that the victim’s land documents, dated 25th June 2024, were obtained by the cybercrime gang by hacking into the government database. The criminals then breached the victim’s Aadhaar details and fingerprint from the land documents.
Subsequently, the perpetrator reportedly impersonated the victim by cloning the thumb impression taken from the land records. They then took money out of the victim’s bank account through the Aadhaar Enabled Payment System using the cloned thumb impression and the victim’s Aadhaar details. As AePS enables payment without any OTP, the criminals were able to steal money using the illegally obtained Aadhaar details and fingerprints.
Eight persons have been arrested by the Bihar Police in connection with the case. The group has been defrauding people of their money on a regular basis without using OTP or fraudulent phone calls. Further investigation is underway and the authorities are looking for the rest of the culprits.
Aadhaar cardholders can make transactions using their Aadhaar credentials by using the Aadhaar-enabled Payment System (AePS). Although this is a ground-breaking method of handling payments in places with poor or no Internet connectivity, the fact that the cardholder’s fingerprint is used to confirm their identification poses a risk because it can be taken unlawfully and replicated by fraudsters.
The Aadhaar number should be concealed to prevent AePS fraud. A virtual ID should be used for online transactions rather than Aadhaar. The virtual ID can be generated on the UIDAI website. People should make sure their phone number and email address are connected to their Aadhaar so the person can receive alerts when their Aadhaar is utilized in any suspicious way. If one has fallen victim to AePS cyber fraud, it should be reported on the National Cybercrime Reporting Portal.
