New Delhi: A well-organised cyber fraud racket operating in Delhi-NCR has been exposed, in which unsuspecting citizens were duped in the name of mandatory KYC updates. Posing as bank officials, the accused sent fake links to victims, hacked their mobile phones and siphoned off large sums of money from their accounts. Four members of the gang have been arrested, and several digital devices linked to the fraud have been seized.
Investigations revealed that the accused followed a pattern commonly associated with organised cybercrime networks originating from the Jamtara–West Bengal belt. Victims were contacted through WhatsApp messages or calls, during which the fraudsters claimed to be representatives of a private bank. They warned that bank accounts would be frozen or permanently closed if KYC details were not updated immediately.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Taking advantage of fear and urgency, the accused persuaded victims to click on malicious links or download APK files sent to their phones. These files enabled the fraudsters to gain remote access to the devices, allowing them to steal sensitive banking credentials without the victim’s knowledge.
One such victim, a woman residing in the Sagarpur area, lodged a complaint after falling prey to the scam. According to her statement, she received a WhatsApp message on December 12, 2025, warning that her bank account would be blocked unless KYC formalities were completed urgently. She was subsequently sent an APK file and instructed to fill in personal and banking details.
Soon after clicking the link, her mobile phone was compromised. Using the stolen credentials, the accused applied for loans in her name and gained access to her banking applications. The fraud came to light on December 15, when she received transaction alerts from her bank. By the time she realised what had happened, ₹8.30 lakh had already been withdrawn.
Following the complaint, a case was registered and a detailed investigation was launched. Through technical surveillance, analysis of banking transactions and mobile data tracking, police traced the operation beyond Delhi. It was found that the accused were carrying out fraudulent activities from remote locations outside the capital.
Further investigation led police teams to Jharkhand’s Dhanbad district, where the gang had set up makeshift bases in agricultural fields to evade detection. Raids were conducted, resulting in the arrest of three accused—Shiv Kumar Ravidas, Sanjay Ravidas and Dinesh Ravidas—who were caught actively engaged in cyber fraud operations. The fourth accused, Shubham Kumar Barnwal, was later arrested from Hooghly in West Bengal based on interrogation inputs.
During the raids, police recovered ten mobile phones, 13 SIM cards, transaction-related messages, Excel sheets containing banking data, APK files and other digital evidence. These materials are believed to have been used to manage victim information, track transactions and execute the fraud.
Interrogation revealed that the accused specifically impersonated officials of Axis Bank to gain credibility. Once the malicious APK was installed, they remotely controlled victims’ phones, accessed banking apps and transferred loan amounts to mule accounts. The money was then withdrawn using ATMs and PoS machines, making the trail difficult to trace.
Investigators also found that the accused came from modest backgrounds. Some were educated only up to Class 10 or 12 and previously worked as daily wage labourers, while one accused was a mobile phone repair technician. Police believe such individuals were drawn into the network with the promise of quick and easy money.
Authorities are now analysing the money trail, linked bank accounts and seized digital devices to determine the full scale of the operation. Efforts are underway to identify other victims and assess whether the gang targeted people in multiple cities using the same modus operandi. More arrests are likely as the investigation progresses.
The case has once again highlighted the increasing sophistication of cyber fraud and the dangers of blindly trusting messages received on phones. Law enforcement agencies have urged citizens to remain vigilant and avoid clicking on unknown links or downloading files sent in the name of banks or government agencies.
Officials reiterated that no bank or government institution asks for KYC updates, passwords or payments through links, calls or messaging platforms. Awareness and caution, they stressed, remain the strongest defence against such cyber crimes.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
