02-07-2025
Delhi man loses Rs 10.80 lakh after ‘SBI KYC update call'; police trace scam to Jharkhand
A sophisticated phishing and identity theft racket originating from Jharkhand was busted following the arrests of three men who allegedly duped a Delhi resident of Rs 10.80 lakh under the guise of a fake KYC update linked to an SBI credit card, the Delhi Police said on Tuesday.
The police identified the accused as Mujaffar Jilani, Aftab Ansari, and Mohammad Iqbal Raza.
According to the police, the case came to light after K C Barthwal, a 49-year-old resident of Palam, lodged a complaint at the South West cyber police station. Barthwal said in his complaint that he received a call on April 5 from someone claiming to be from SBI's Mumbai headquarters. The caller allegedly claimed that Rs 588.82 had been debited from Barthwal's credit card and offered to help block the card unless KYC details were updated through a provided link.
According to Barthwal, believing the caller was legitimate, he followed the instructions and unwittingly divulged his card details. Over the next few days, further calls extracted sensitive banking credentials, leading to a series of unauthorised transactions totalling Rs 10.80 lakh from April 10 to April 12, as per the complaint.
The police decided to focus on 'known cybercrime hubs' in Jamtara in Jharkhand, Amit Goel, Deputy Commissioner of Police, South West, said. 'On examining the victim, it was revealed that the accused sent a fake link resembling SBI's official website to collect the victim's sensitive card information, including card number, CVV, expiry date, and OTP. With these details, the gang gained unauthorised access to the victim's credit card and later his internet banking credentials. On the basis of technical surveillance, the accused were located in Karmatar in Jamtara,' Goel added.
After two days of ground efforts, including surveillance in disguise, the police arrested Jilani and Ansari. Their interrogation led to the arrest of the third accused, Raza.
According to the police, the investigation uncovered a detailed modus operandi: the accused used spoofed calls to initiate phishing, sent fake KYC links mimicking SBI's website, and deployed a malicious APK file named 'Customer Support' to hijack real-time OTPs and net banking details. The stolen funds were laundered through gaming apps and digital wallets, including A23 Gaming, Classic Rummy, Mobikwik, and Umpire First Gaming, the police said. The money was then routed through a network of mule accounts and withdrawn in cash using fake SIM cards sold at premium rates to ensure anonymity.
According to the police, Jilani and Ansari were responsible for receiving the laundered funds, while Raza deployed the malicious app and forwarded the victim's calls and SMSes to a fake number to confirm transactions. The police have recovered five smartphones, six SIM cards, and one debit card used in the fraud. Authorities have also linked the trio to multiple other complaints lodged via the National Cybercrime Reporting Portal.
