With some local mobile shops and cyber cafés knowingly acting as middlemen, people seeking genuine KYC services are being trapped in an ecosystem that fuels identity theft and financial fraud.
1,800 fake domains, ₹40 lakh in illicit profits
The investigation by CloudSEK, an AI-based threat intelligence company, has revealed that “PrintSteal” is one of the largest KYC fraud networks in India, using over 1,800 fake domains to impersonate government websites.
These platforms offer Aadhaar downloads, PAN card updates, and birth certificates. More than 167,000 fake documents have been generated, and the scam has raked in at least ₹40 lakh in illegal profits.
Operating since 2021, PrintSteal targets the Indian government’s Common Service Centre (CSC) initiative, exploiting its trusted status. The scam runs through 2,727 registered operators, often using local mobile shops and cyber cafés as distribution hubs.
The Common Service Centre (CSC) is a key Indian government initiative that provides a range of essential services to citizens, often involving the handling of sensitive KYC (Know Your Customer) documents.
Here’s how the fraud operates:
- Fake websites: Scammers set up portals that mimic government services, tricking users into providing their details.
- Mass production: Using pre-built templates, the platform instantly generates counterfeit documents, including Aadhaar, PAN, and birth certificates.
- Fake QR codes: To enhance credibility, these documents include QR codes that link to fraudulent verification sites.
- Cyber cafés as middlemen: Local shops and cyber cafés act as intermediaries, submitting customer details and charging a fee.
- Encrypted communications: The network uses Telegram groups and illicit APIs to remain undetected, frequently changing domains to evade law enforcement.
The staggering scale of the operation:
- 600+ active scam websites are still operational.
- Bihar (55.9%) and Uttar Pradesh (22.6%) have the highest number of fake documents detected.
- 156,000+ counterfeit birth certificates have been issued.
A major cybersecurity threat
Experts warn that the ease with which these fake documents are being produced poses severe risks to India’s financial system and national security. Fraudulent Aadhaar and PAN cards could facilitate identity theft, tax fraud, and even terror financing.
“A scam of this scale highlights major cybersecurity and regulatory loopholes. The government and law enforcement agencies must act swiftly to dismantle this network,” a CloudSEK security researcher stated.
The need for stronger cyber defences
There remains an urgent need for:
- Stronger verification mechanisms for Aadhaar and PAN authentication.
- Regular audits and security upgrades to prevent impersonation of government websites.
- Public awareness campaigns to educate citizens about fraudulent online services.
With digital fraud on the rise, vigilance and proactive cybersecurity measures are essential to safeguarding India’s digital identity ecosystem.