CloudSEK Identifies Large-Scale ‘PrintSteal’ Fake KYC Document Generation Scam in India

Cybersecurity agency CloudSEK has recognized a large-scale fraud operation in India that entails the technology of faux Know Your Buyer (KYC) paperwork. Dubbed ‘PrintSteal’, the operation concerned the usage of a number of faux domains that impersonated authorities web sites. The scammers reportedly generated over 1.67 lakh faux paperwork, producing greater than Rs. 40 lakh within the course of. The agency additionally discovered that the fraudulent paperwork have been generated utilizing personally identifiable info (PII) harvested from paperwork supplied by unsuspecting prospects.

‘PrintSteal’ Fraud Operation Imitated Professional CSCs to Trick Customers

In an in depth submit explaining how the fraudulent scheme was executed, the CloudSEK reviews that the scammers arrange over 50 web sites that have been designed to mimic the federal government’s Frequent Providers Centres (CSCs). CSCs are an necessary a part of the e-governance mechanism within the nation, and the fraudulent web sites would use domains that have been much like those utilized by official CSCs.

A print portal dashboard utilized by the fraudsters (faucet to develop)
Picture Credit score: CloudSEK

The fraudsters would then use social media, search engine optimisation, chat apps, and even cybercafés to advertise the faux web sites. When customers go to these websites, they’re requested to supply a number of PII, together with their bodily deal with, telephone quantity, Aadhaar quantity, images, date of delivery, PAN card particulars, and even their UPI IDs and financial institution info.

Because the faux web sites have been designed to repeat reliable authorities web sites, unsuspecting customers would assume that they’re sharing their knowledge with an official web site. The safety agency states that after the data was supplied by a person, the system would generate fraudulent paperwork that resemble real ones, comparable to a PAN card, Aadhaar card, driving licence, or perhaps a voter ID.

QR codes on the faux paperwork result in fraudulent websites (faucet to develop)
Picture Credit score: CloudSEK

The agency stated the menace actors would cost a price that ranged between Rs. 20 to Rs. 35 to generate a single doc. Their associates, concerned within the distribution of those paperwork, would cost the shopper the next quantity to make a revenue. The faux KYC paperwork even embrace QR codes that result in an internet site that shows the doc, with a purpose to idiot prospects into considering they’re visiting a reliable authorities web site.

Throughout its investigation, the agency additionally found that the faux KYC paperwork generated by the scammers have been saved on cloud storage providers like ImgBB and ImgPile, as a substitute of being discarded — this cloud infrastructure might probably be used to promote a few of these fraudulently created paperwork.

A screenshot of the scammer warning associates about investigations
Picture Credit score: CloudSEK

CloudSEK estimates the fraudsters generated Rs. 40 lakh in income from the recognized community of internet sites, which has generated over 1,60,000 faux paperwork. It additionally warned that it had detected comparable websites, with over 1,800 domains — 600 of those are at present energetic. These platforms are arrange utilizing predesigned templates and exterior APIs.

The fraudulent operation might pose a number of dangers, together with monetary fraud and id theft, as these paperwork are sometimes issued by the federal government after verification. CloudSEK additionally factors out that they may pose a danger to nationwide safety, if these faux paperwork are used to cover identities whereas committing critical crimes.

Among the agency’s suggestions embrace prosecution of key actors, cross company (and worldwide) collaboration, web site and area takedowns, shutting down native networks, two-factor (or biometric) authentication for verification, real-time verification, public consciousness, and the usage of AI and machine studying to detect fraud.