A businessman from Jharkhand’s Dhanbad district lost nearly ₹2 lakh in a swift cyber fraud after criminals posing as a doctor’s assistant tricked him into sharing information linked to his UPI account under the pretext of booking a medical appointment. The incident highlights the growing misuse of search engine business listings and digital payment systems by cybercriminals targeting unsuspecting patients.
The complainant, Ram Prasad Agrawal—a businessman and resident of Rajganj More in the Katras area—was searching online for a doctor’s contact number on June 19 to schedule a medical consultation. During the process, he dialed a spoofed contact number listed on a public search index and was contacted by an unknown individual who introduced himself as the clinic’s senior assistant and offered to fast-track the token generation.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
The ₹5 Verification Trap
The caller informed Agrawal that a nominal registration fee of ₹5 was required to confirm the digital booking. Believing the request to be genuine, the businessman proceeded with the payment process through a digital utility link sent by the operator. During the transaction attempt, he entered his private UPI PIN into a modified interface.
The fraudulent credential harvest operated via a distinct phishing sequence, beginning with visual index manipulation. The syndicates injected fraudulent help desk contacts into open business search directories to intercept outgoing medical booking calls.
Following this, the process moved to screen reflection mapping. The fraud operator deployed a malicious redirection utility during the fake ₹5 transaction, harvesting the user’s keystrokes and core banking registration metadata.
The loop concluded with background UPI mirroring, allowing the attackers to silently register the victim’s banking credentials on secondary device nodes while masking live transaction alerts.
Six Rapid Fraudulent Transactions
Although the payment reportedly failed on the businessman’s screen at the time, investigators believe the fraudsters successfully harvested the transaction logs. The victim subsequently began receiving standard automated alerts indicating that his primary bank accounts were being newly linked to active UPI apps on external mobile devices. At the time, he did not suspect that the background activity was related to an active security breach.
The fraud came to light on the morning of June 22 when a rapid sequence of high-value transaction alerts began popping up on his smartphone. Between 10:52 a.m. and 11:22 a.m., cybercriminals executed six separate transactions and siphoned a total of approximately ₹2 lakh from two distinct Bank of India savings accounts belonging to the businessman.
The cash siphoning breakdown showed a highly strategic withdrawal structure. A primary massive debit transaction involving ₹1 lakh was processed directly through an Amazon Pay merchant terminal. The remaining capital was siphoned off through five separate transactions structured right under specific notification limits, reading exactly ₹19,994.99, ₹19,995.99, ₹19,996.98, ₹19,997.99, and ₹19,999.84.
Jurisdictional Hurdles and Precautionary Blocks
As soon as the victim noticed the rapid-fire transaction stream, he rushed to his local bank branch to submit an emergency account freeze request. He later filed an electronic complaint through the National Cyber Crime Reporting Portal (1930) and initiated the process of lodging a formal police report. Bank officials confirmed that all active card linkages and internet banking pipelines were immediately frozen upon reception of the fraud ticket to isolate the remaining deposits.
The case also exposed lingering jurisdictional friction faced by cybercrime victims. According to the complainant, he first approached the Katras local police station to register his complaint but was advised to contact the specialized district Cyber Police Station. However, when he reached the cybercrime unit, he was informed that because the total cash amount involved was below a particular administrative threshold, the matter had to be handled natively by the local police station.
Renowned cyber crime expert and former IPS officer Prof. Triveni Singh warned that fraudsters are heavily capitalizing on search engine engine gaps to route users toward fraudulent customer care pages. He stressed that a UPI PIN is exclusively an outbound cash deduction key and is never legally required to receive funds, accept medical booking confirmations, or complete incoming transactions.
