A surprising case of cyber fraud has emerged from the Banbhulpura area of Haldwani in Nainital district of Uttarakhand, where a young man allegedly lost over ₹2.5 lakh from his bank accounts without clicking any suspicious link or sharing any OTP. The incident has raised serious concerns about the safety of digital banking systems and customer awareness in India’s rapidly expanding online financial ecosystem.
According to the victim, he had switched off his mobile phone and gone to sleep on the night of May 24. However, when he turned it on the next morning, he was flooded with multiple OTP messages. Soon after, he discovered that around ₹1 lakh had been transacted from his SBI credit card through the BookMyShow application. He immediately lodged a complaint on the cybercrime portal.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
The situation worsened on the night of May 31 when suspicious transactions were again carried out from multiple bank accounts and credit cards linked to him. This time, around ₹90,000 was debited from another credit card, approximately ₹28,000 was withdrawn from his SBI credit card through multiple transactions, ₹29,900 was deducted from an Axis Bank account, and another ₹1,000 was taken from his SBI savings account.
What makes the case even more alarming is that while he received transaction alerts for credit card usage, no SMS notifications were received for withdrawals from his bank accounts. This delay in alerts prevented timely action, allowing the fraudsters to continue siphoning money.
Distressed by repeated losses, the victim submitted bank statements, transaction screenshots, and copies of cyber complaint reports to the concerned authorities, demanding a full refund of the stolen amount and strict action against those responsible.
Experts say such incidents are not always dependent on OTP leaks or phishing links. In some cases, fraudsters may exploit malware, cloned devices, or backend vulnerabilities in banking systems to gain unauthorized access. This makes cyber fraud increasingly difficult to detect in real time.
The case has once again highlighted the growing risks associated with digital banking, where users often remain vulnerable despite security measures. With the rise in online transactions, cybercriminals are also adopting more advanced and harder-to-trace techniques.
Authorities have urged citizens to immediately report suspicious financial activity on the national cybercrime helpline 1930 and to use only verified and official applications for banking and payments.
Cybersecurity experts note that criminals are increasingly using techniques like SIM swap fraud and device cloning, which allow them to bypass OTP-based security in certain scenarios. Such methods can delay detection and increase financial losses before preventive steps are taken.
Banks and security agencies continue to advise customers to install only official apps, avoid unknown links or calls, and keep two-factor authentication and transaction alerts fully enabled to minimize risks.
The victim, meanwhile, said he is mentally disturbed after facing two separate fraud incidents within a short span and is unable to understand how his accounts were accessed despite maintaining basic security precautions.
This incident serves as a reminder that in the digital age, caution and awareness remain the strongest defense against cybercrime. As technology advances, so do the methods used by cybercriminals, making vigilance essential for every user.
Experts have reiterated that any unusual or unauthorized transaction should be reported immediately to banks and cyber helplines so that accounts can be secured before further damage occurs.
