Gorakhpur | Cyber criminals in Gorakhpur allegedly siphoned ₹4.36 lakh from a trader’s bank account using the Immediate Payment Service (IMPS). The fraudsters first initiated small test transactions to gauge the system — and once confident, moved large sums in quick succession. Based on the complaint, police have registered a case and the cyber cell has begun investigation.
The incident involves Sumit Goyal, a resident of Surajkund Colony. He has been maintaining a savings account with HDFC Bank since 2004. On the night of November 25, Goyal received alerts showing withdrawals of ₹2 and then ₹1 from his account. The unusually small amounts triggered suspicion, prompting him to immediately inform the bank.
As a precaution, the bank temporarily blocked the account. However, Goyal informed officials that his housing loan EMI was scheduled for December 5. To ensure timely payment, the account was reactivated on December 3 following the bank’s assurance.
On December 5, the EMI of ₹29,543 was successfully debited. Everything appeared normal — until the night of December 9. At around 9:40 pm, two high-value transactions were suddenly executed.
In the first instance, ₹2 lakh was transferred, followed by another transfer of ₹2.36 lakh shortly afterward. Both amounts were routed to an IDBI Bank account, where the beneficiary name appeared as “Rajju” in the transaction details.
Realizing he had been duped, Goyal filed a written complaint with the bank on December 10 and also lodged an online complaint with the cyber police station. Investigators are now examining how the trader’s phone was compromised and how access to the banking application was obtained.
CPT Analysis: “Probe first, then the high-value strike”
According to experts from the Center for Police Technology (CPT), the case reflects what they describe as a classic “probe pattern.”
“Fraudsters initially move very small amounts — ₹1 or ₹2 — to verify whether the account is active, how fast alerts trigger, and how the security layers respond. Once they are confident, they execute high-value transactions, often late at night when the user is less alert,” a CPT cyber-security specialist explained.
CPT notes that, in many such cases, victims unknowingly share access via phishing links, fake customer-care calls, or remote-access applications. Once control permissions are granted, criminals can read OTPs, suppress notifications and complete transactions without the victim realizing it in real time.
Security questions resurface
Despite two-factor authentication, OTP-based verification and alert systems, the ease with which such large sums get transferred again raises serious concerns about digital banking safety. Investigators are now following the transaction trail, examining beneficiary KYC records and reviewing logs linked to the suspicious device.
Safety checklist for users (CPT advisory)
- Avoid clicking unfamiliar links or scanning unknown QR codes
- Download apps only from official app stores
- Never give screen-sharing or remote access to anyone
- Do not share OTPs, PINs, passwords or CVV with anyone
- If suspicious activity occurs, immediately notify the bank and call the 1930 helpline
What is IMPS?
IMPS (Immediate Payment Service) is a real-time electronic fund transfer system operated by NPCI. It allows instant transfers — 24×7, including holidays — often within seconds. While it enables quick, friction-free payments, the same speed can make recovery difficult, making it an attractive target for cyber criminals.
At present, police and the cyber cell are scrutinizing bank records, linked accounts and possible digital footprints. The case is under investigation — and it serves as yet another reminder that with the convenience of digital banking comes an equally critical need for digital awareness and vigilance.
