Kalyanpur: In a serious case highlighting vulnerabilities in digital tax systems, an unidentified cyber fraudster allegedly breached the Goods and Services Tax (GST) account of a local trader and filed fake GST returns worth ₹70.37 crore, triggering a major investigation into suspected tax fraud and identity misuse.
The incident came to light after the affected businessman, a resident of Rawatpur, found himself locked out of his GST account and later learned that massive fictitious returns had been filed using his registration credentials. Police have registered a case against unknown persons and initiated a detailed probe into the cyber intrusion.
Credentials altered without owner’s knowledge
According to the complaint, the trader discovered that the mobile number and email ID linked to his GST registration had been changed without his consent. Investigators believe the cyber fraudster unlawfully deleted the original contact details and replaced them with another mobile number and email address, effectively taking control of the account.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
The breach reportedly occurred months before it was detected. In October 2025, the trader attempted to log into his GST account but was unable to access it. He initially approached the GST helpline, suspecting a technical glitch. The gravity of the situation became clear only in November 2025, when officials from the state GST department informed him that his GST credentials had been misused.
Fake returns worth ₹70.37 crore
Departmental scrutiny revealed that the compromised GST account had been used to file fake GST returns exceeding ₹70.37 crore, purportedly in the name of another firm. Preliminary estimates suggest that the fraudulent filings involved suspected tax evasion or wrongful claims amounting to around ₹12.66 crore, though officials say the figure could change as the investigation progresses.
The trader immediately lodged a formal complaint with the cyber cell, following which a preliminary inquiry confirmed signs of systematic digital manipulation. A criminal case has since been registered, and investigators are now working to trace the digital footprint of the fraudster.
How GST accounts are hijacked
Cybercrime experts say such cases are becoming increasingly common as fraudsters target businesses with active GST registrations. The typical modus operandi involves compromising the mobile number and email ID linked to a GST account, which are critical for authentication.
Fraudsters often use phishing links, fake calls posing as GST officials, or leaked personal data to obtain login credentials. Once access is gained, the attacker changes the registered contact details on the GST portal, ensuring that one-time passwords (OTPs) are delivered to their own devices. This effectively locks the genuine account holder out of the system.
With control established, the fraudster can generate fake invoices, create shell firms and file high-value GST returns, often to claim fraudulent input tax credit or to route transactions through multiple entities. In many cases, the original taxpayer becomes aware of the fraud only when notices are issued by tax authorities or when login access is denied.
Investigation widens
Police officials said digital forensics teams are analysing login trails, IP addresses and changes made on the GST portal to identify the person or network behind the breach. Investigators are also coordinating with GST authorities to determine whether the fake returns were used to claim refunds or pass on illicit tax credit to other entities.
Authorities believe the fraud may be part of a larger organised racket, as filing returns worth tens of crores typically involves multiple layers of fake firms and coordinated activity. The possibility of insider facilitation or prior data compromise is also being examined.
Warning for businesses
Police said further arrests and recoveries would depend on the outcome of the digital investigation. For now, the case stands as a stark reminder that cyber fraud can expose even compliant businesses to massive financial and legal risks if digital safeguards are breached.
