DELHI: A multi-state cyber fraud syndicate that targeted bank customers under the pretext of updating Know Your Customer (KYC) details has been uncovered in Delhi, exposing yet another organised network exploiting fear and digital ignorance to commit large-scale financial crimes. Four men have been arrested from Jharkhand and West Bengal for allegedly orchestrating a systematic operation that compromised mobile phones, accessed banking credentials and carried out unauthorised loans and fund transfers.
How the KYC Scam Operated
The arrested accused have been identified as Shiv Kumar Ravidas (22), Sanjay Ravidas (33), Dinesh Ravidas (29) and Shubham Kumar Barnwal (25). Investigators said the group posed as bank representatives and contacted customers with urgent warnings that their accounts would be frozen unless KYC details were immediately updated. The sense of urgency was deliberately created to push victims into acting without verification.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
The modus operandi followed a well-rehearsed pattern. Victims were first contacted through phone calls and text messages claiming to be from bank support teams. Once trust was established, they were sent a link or an APK file, described as an official banking update or security application. When installed, the file activated malware on the victim’s phone, granting the fraudsters remote access to sensitive data and banking applications.
Unauthorised Loans and Fund Transfers
Using this access, the accused allegedly carried out unauthorised transactions, including availing credit card loans, personal loans, and transferring large sums from victims’ accounts. Instead of directly withdrawing the money, the funds were routed through mule bank accounts, making detection and recovery difficult. Cash was later withdrawn using ATMs, point-of-sale machines and other banking channels to erase the digital trail.
Complaint That Triggered the Probe
The case came to light after a woman from Delhi’s Sagarpur area filed a complaint in December 2025. She reported receiving repeated calls from unknown individuals claiming to be bank officials. After clicking on a link sent to her phone, she began receiving alerts indicating that a ₹8.33 lakh loan had been processed on her credit card, followed by unauthorised withdrawals of ₹5 lakh and ₹3.3 lakh. The complainant denied approving any of these transactions, prompting a detailed investigation.
Jharkhand–West Bengal Belt Under Scanner
Technical analysis revealed that the fraud network was operating from the Jamtara belt in Jharkhand, a region that has gained notoriety for cybercrime operations over the years. Investigators found that the accused frequently shifted their locations between Jharkhand and West Bengal to avoid surveillance and arrest, making coordinated action necessary.
Based on intelligence inputs, raids were conducted in the Nirsa area of Dhanbad district, where three accused were caught allegedly making fraudulent calls to potential victims. The fourth accused was arrested from Hooghly district in West Bengal, confirming the inter-state nature of the operation.
Devices, SIM Cards and Digital Evidence Seized
Search operations led to the seizure of 10 mobile phones, 13 SIM cards, clothing allegedly used during ATM withdrawals, and extensive digital evidence. The recovered data included malicious APK files, phone records, Excel sheets containing bank account details, transaction logs and communication histories linked to multiple victims.
Organised Roles Within the Syndicate
Interrogation revealed a clear division of roles within the syndicate. Some members specialised in procuring malware and APK files, others focused on contacting and manipulating victims, while another group managed mule accounts and cash withdrawals. This structure indicated a long-running and organised criminal setup rather than sporadic cyber fraud.
Warning Against KYC-Themed Cyber Scams
Investigators are now working to identify additional associates and determine the full scale of the fraud, including the number of victims across states and the total amount siphoned off. The case also serves as a stark reminder that banks never ask customers to download APK files or share credentials through unsolicited calls or messages.
