A resident of Sitamarhi has lost ₹7.62 lakh from his bank account without receiving any one-time password (OTP) request or transaction alert, raising serious concerns over the robustness of digital banking security systems. The entire amount was siphoned off gradually over two months, with the victim unaware until the account balance dropped to zero.
Authorities say that the withdrawals were made without triggering the usual safety nets, no OTPs were sent, and no SMS or email alerts were generated, even though the transactions were sizable. This has sparked fears of a new wave of sophisticated fraud techniques that could potentially bypass conventional banking safeguards.
FCRF Launches India’s Premier Certified Data Protection Officer Program Aligned with DPDP Act
The Sitamarhi cyber police have launched an investigation into the incident, with forensic teams analyzing bank records and IP logs. Officials are working to determine whether the breach occurred due to advanced social engineering, a banking system vulnerability, or possible insider involvement. The probe also aims to uncover how fraudsters could override two-factor authentication mechanisms, which are standard in most Indian banking operations.
Pattern Emerging Across North Bihar
This incident is not isolated. In May 2025, two residents of nearby Muzaffarpur lost ₹5.07 lakh after fraudsters posed as Bandhan Bank officials and tricked victims into revealing KYC-related information. Those transactions, too, were executed without OTP verification.
Cybercrime officials in Bihar have recorded a sharp rise in OTP-less frauds over the past year. Investigators suspect the use of remote access tools, SIM cloning, and manipulation of APIs that handle authentication requests. Financial cybersecurity experts have emphasized the need for banks to conduct urgent audits of their backend infrastructure and alert systems.
The victim in Sitamarhi has reportedly filed formal complaints with both the cybercrime unit and his bank. Officials have assured that recovery efforts are underway, but admitted that tracing the funds could take time, especially if they have been funnelled through multiple accounts or crypto exchanges. Meanwhile, local authorities are urging residents to remain vigilant, avoid sharing personal or banking information over phone calls, and regularly check their account balances for suspicious activity.