New Delhi — In early September, a 78-year-old retired banker from South Delhi’s Gulmohar Park transferred nearly ₹23 crore—his life savings—to a web of cybercriminals posing as law-enforcement officers. They told him his Aadhaar number had been linked to a terror-funding case.
Just weeks earlier, a retired defence officer in Bengaluru lost ₹1.8 crore to a similar “digital arrest” scam. Last week, a doctor in Maharashtra was duped of ₹7 crore. These incidents are not isolated. From businessmen and professionals to actors and former government officials, an expanding class of India’s educated elite is being trapped in complex, psychologically manipulative online frauds that combine social engineering with leaked identity data.
Exploiting the Data Chain
Fraudsters begin with fragments—phone numbers, PAN details, passport IDs—often stolen through phishing, malware, or unpatched software vulnerabilities. Investigators say such data, harvested from breaches at government departments and private firms, circulates freely on the dark web at nominal prices.
The stakes are immense. Aadhaar now links the financial and biometric information of more than 140 crore Indians. From bank accounts and loans to SIM cards and tax filings, nearly every personal identifier is tethered to that 12-digit number.
While the government insists the Aadhaar database is secure, independent experts warn that the ecosystem around it—banks, fintech startups, telecom operators, and KYC vendors—remains porous. Each digital handshake, they note, widens the surface for potential compromise.
FCRF Launches CCLP Program to Train India’s Next Generation of Cyber Law Practitioners
The KYC Paradox
Ironically, one of the most exploited safeguards is the Know Your Customer (KYC) process itself. The Reserve Bank of India’s master directive has made KYC mandatory for every financial account, with verification now largely conducted through Aadhaar-based electronic channels such as DigiLocker and the Central KYC Registry.
Over 70 percent of new retail accounts are opened digitally, a shift that has streamlined onboarding but also created fertile ground for fraud.
Cybercriminals increasingly use stolen identities to complete e-KYC authentications, open fraudulent accounts, and secure loans or credit cards in victims’ names. Others impersonate RBI, CBI, or police officials on WhatsApp and Skype video calls, weaponizing the same verified information to intimidate targets into “compliance.” Victims are falsely accused of money-laundering or drug trafficking and coerced into transferring their savings under threat of arrest.
A System Turned Against Itself
The paradox runs deep: a mechanism built to prevent laundering and terrorism financing is being hijacked to commit those very crimes. Once scammers succeed in fraudulent e-KYC verification, they gain lawful-looking access to victims’ financial lives, leaving behind ruin and reputational damage.
At the heart of this digital trust machine lies Aadhaar. According to the Ministry of Electronics and Information Technology, Aadhaar authentication transactions reached 14,555 crore by February 2025, while e-KYC transactions stood at 2,311 crore—figures that underscore the scale of dependence on the system.
The Cost of Connectivity
Kerala Police officials say hacked bank databases and leaked customer records routinely surface on the dark net, often reported only when direct financial loss occurs. Between 2020 and 2024, the state recorded 5.82 lakh cybercrime cases and losses exceeding ₹3,200 crore.
Nationally, the Union Ministry of Home Affairs told Parliament that cyber-fraud losses jumped 206 percent in a single year—from ₹7,465 crore in 2023 to ₹22,845 crore in 2024—as reported fraud cases rose from 24 lakh to 36 lakh.
The Indian Cyber Crime Coordination Centre (I4C) projects that losses could reach ₹1.2 lakh crore in 2025—around 0.7 percent of India’s GDP—if the trajectory continues.
For victims like the retired banker in Delhi, the promise of a secure, digitized identity has turned into an enduring nightmare. The same number meant to confirm who he was became the tool used to erase what he owned.
