CloudSEK Identifies Large-Scale ‘PrintSteal’ Fake KYC Document Generation Scam in India

Cybersecurity agency CloudSEK has recognized a large-scale fraud operation in India that includes the technology of faux Know Your Customer (KYC) paperwork. Dubbed ‘PrintSteal’, the operation concerned using a number of pretend domains that impersonated authorities web sites. The scammers reportedly generated over 1.67 lakh pretend paperwork, producing greater than Rs. 40 lakh in the method. The agency additionally discovered that the fraudulent paperwork had been generated utilizing personally identifiable data (PII) harvested from paperwork supplied by unsuspecting prospects.

‘PrintSteal’ Fraud Operation Imitated Legitimate CSCs to Trick Users

In an in depth publish explaining how the fraudulent scheme was executed, the CloudSEK studies that the scammers arrange over 50 web sites that had been designed to mimic the federal government’s Common Services Centres (CSCs). CSCs are an vital a part of the e-governance mechanism in the nation, and the fraudulent web sites would use domains that had been much like those utilized by official CSCs.

A print portal dashboard utilized by the fraudsters (faucet to increase)
Photo Credit: CloudSEK

The fraudsters would then use social media, search engine optimisation, chat apps, and even cybercafés to advertise the pretend web sites. When customers go to these websites, they’re requested to supply a number of PII, together with their bodily handle, cellphone quantity, Aadhaar quantity, pictures, date of delivery, PAN card particulars, and even their UPI IDs and financial institution data.

As the pretend web sites had been designed to repeat reliable authorities web sites, unsuspecting customers would assume that they’re sharing their information with an official web site. The safety agency states that after the knowledge was supplied by a person, the system would generate fraudulent paperwork that resemble real ones, similar to a PAN card, Aadhaar card, driving licence, or perhaps a voter ID.

QR codes on the pretend paperwork result in fraudulent websites (faucet to increase)
Photo Credit: CloudSEK

The agency mentioned the risk actors would cost a price that ranged between Rs. 20 to Rs. 35 to generate a single doc. Their associates, concerned in the distribution of those paperwork, would cost the client the next quantity to make a revenue. The pretend KYC paperwork even embrace QR codes that result in an internet site that shows the doc, in order to idiot prospects into pondering they’re visiting a reliable authorities web site.

During its investigation, the agency additionally found that the pretend KYC paperwork generated by the scammers had been saved on cloud storage companies like ImgBB and ImgPile, as a substitute of being discarded — this cloud infrastructure might doubtlessly be used to promote a few of these fraudulently created paperwork.

A screenshot of the scammer warning associates about investigations
Photo Credit: CloudSEK

CloudSEK estimates the fraudsters generated Rs. 40 lakh in income from the recognized community of internet sites, which has generated over 1,60,000 pretend paperwork. It additionally warned that it had detected comparable websites, with over 1,800 domains — 600 of those are at present lively. These platforms are arrange utilizing predesigned templates and exterior APIs.

The fraudulent operation might pose a number of dangers, together with monetary fraud and identification theft, as these paperwork are sometimes issued by the federal government after verification. CloudSEK additionally factors out that they may pose a threat to nationwide safety, if these pretend paperwork are used to cover identities whereas committing severe crimes.

Some of the agency’s suggestions embrace prosecution of key actors, cross company (and worldwide) collaboration, web site and area takedowns, shutting down native networks, two-factor (or biometric) authentication for verification, real-time verification, public consciousness, and using AI and machine studying to detect fraud.