In a scam that lasted six months, customers of a major bank in Kolkata were misled by phone calls that sounded utterly believable. The callers had everything: customer names, account details, and deep knowledge of bank procedures. Victims were told they needed to verify information like OTPs or card numbers to prevent account blocks or win cashback.
But it wasn’t the bank calling. It was a group of fraudsters led by Nafisa Ali, a former bank employee, according to investigators. With insider knowledge and confidence, they posed as real staff and gained access to customers’ credit cards—ultimately maxing out credit limits for personal gain.
Not a Foreign Hacker—It Was an Inside Job
Unlike most cybercrimes that are blamed on shadowy international hackers, this scam came from within. Police say Ali used her experience and contacts within the bank to access sensitive client data. The gang exploited this information to target customers one by one, extracting their credit card details and carrying out transactions—sometimes within minutes.
Once the fraud came to light, bank authorities dug into call records and transaction logs. What they found was disturbing: a deliberate, coordinated attack carried out by someone who knew the system from the inside.
Brutally Simple, Shockingly Effective
The strategy was frightening in its simplicity. No malware, no phishing links—just a phone call that sounded trustworthy. The fraudsters relied on urgency and fear. “Your card will be blocked,” some victims were told. Others were congratulated for winning offers that required “just one OTP.”
The trust that customers placed in what they believed were legitimate bank calls made the scam successful. By the time customers realized something was wrong, their cards had already been drained.
How to Stay Safe: 6 Critical Lessons
The case has prompted warnings from cybersecurity experts and police, who urge citizens to follow these key safety tips:
- Never share OTPs, PINs, or CVVs over phone calls—banks never ask for them.
- Hang up if there’s pressure or urgency—fraudsters rely on fear and speed.
- Enable SMS/email alerts to track unauthorized transactions immediately.
- Use low-limit or virtual cards for online transactions to minimize risk.
- Keep your devices secure—use antivirus software and avoid suspicious apps.
- Report scams fast—speed can mean the difference between saving and losing money.
This scam fooled people who never thought they’d fall for one—because it didn’t look like one. It sounded like their bank calling. That’s what made it dangerous. Awareness, not fear, is your strongest defense. Stay alert. Verify always. When it comes to your money, being cautious isn’t overreacting—it’s smart protection.