Introduction
App KYC fraud is a common cyber scam in which fraudsters pretend to be officials from banks, payment apps, telecom companies, or customer support departments. They contact people through phone calls, text messages, WhatsApp, emails, or social media and falsely claim that their KYC details need to be updated. Victims are often told that their bank account, wallet, or mobile service will be blocked if they do not complete the verification process immediately. The real intention of the fraudster is to gain access to the victim’s device, personal information, or financial accounts.
How Does A KYC Scam Usually Work?
The fraud generally starts with a call or message informing the victim that their KYC has expired. The message may include a mobile number or a link and instruct the victim to contact customer support for verification.
Once contact is established, the fraudster convinces the victim to download a remote-access application such as AnyDesk, TeamViewer, or similar software. The victim is then asked to share an access code or approve a connection request. After gaining access, the fraudster can view the phone screen, monitor banking activities, read text messages, obtain OTPs, and carry out unauthorized transactions. Many victims only discover the fraud after money has already been withdrawn from their accounts.
Why Are App KYC Frauds Increasing?
The growing use of digital banking, mobile wallets, UPI services, and online payment platforms has created new opportunities for cybercriminals. Since KYC verification is a familiar requirement for many users, fraudsters find it easier to convince people that their request is genuine.
These scams rely on creating urgency. Victims are often warned that their account will stop functioning unless immediate action is taken. Fear of losing access to essential services causes many individuals to act without verifying the authenticity of the communication.
What Are The Different Forms Of KYC Fraud?
Fraudsters use various methods to carry out KYC scams. Some impersonate bank officials or customer-care executives, while others pretend to represent telecom providers, insurance companies, courier services, or payment platforms.
In some cases, victims are asked to make a small payment to complete the verification process. During this interaction, criminals obtain banking details or payment credentials. Another common technique involves sending fake KYC links through SMS, email, or messaging applications. These links direct users to fraudulent websites designed to collect sensitive information such as Aadhaar details, PAN numbers, banking credentials, and passwords.
Which Provisions Can Be Used Against KYC Fraudsters?
Several legal provisions may apply in cases involving KYC fraud.
Section 318 of the Bharatiya Nyaya Sanhita, 2023 deals with cheating and fraudulent inducement.
Section 319 of the Bharatiya Nyaya Sanhita, 2023 applies when a person commits fraud by impersonating someone else.
Section 61 of the Bharatiya Nyaya Sanhita, 2023 may apply where multiple individuals work together as part of a conspiracy.
Section 111 of the Bharatiya Nyaya Sanhita, 2023 may become relevant in cases involving organised cybercrime groups.
Section 66C of the Information Technology Act, 2000 penalises identity theft involving electronic records and credentials.
Section 66D of the Information Technology Act, 2000 specifically addresses cheating by personation through computer resources.
If the proceeds of the fraud are transferred through multiple accounts or concealed to disguise their origin, provisions of the Prevention of Money Laundering Act, 2002 may also be invoked.
What Do Recent Investigations Show?
Recent cybercrime investigations indicate that KYC fraud has become a significant tool used by organised fraud networks. These groups often combine fake KYC requests with investment scams, trading app frauds, phishing attacks, and identity theft schemes.
Investigators have uncovered cases where criminals used fraudulent customer-care numbers, fake websites, and remote-access applications to gain control over victims’ financial accounts. Such cases demonstrate how cybercriminals increasingly rely on social engineering techniques rather than sophisticated hacking methods.
How Can People Protect Themselves?
Individuals should be cautious of unsolicited calls, messages, or emails claiming that KYC verification is pending. Genuine banks and service providers do not ask customers to install remote-access software to complete KYC formalities.
Users should never disclose OTPs, passwords, UPI PINs, debit card details, credit card information, or internet banking credentials to anyone. They should also avoid clicking on suspicious links and verify customer-support numbers through official websites or mobile applications.
Before downloading any application suggested by an unknown caller, users should carefully check its purpose and legitimacy. Granting remote access to a stranger can expose personal and financial information to misuse.
What Should Victims Do If They Fall For The Scam?
Victims should immediately collect and preserve all available evidence, including screenshots, messages, call records, emails, transaction details, and bank statements. This information can assist authorities during the investigation.
A complaint may be filed through the official or at the nearest cybercrime police station. Victims should also report the incident to the cybercrime helpline 1930 as soon as possible. Prompt reporting may help authorities freeze suspicious transactions and reduce financial losses.
Conclusion
App KYC fraud is successful because it exploits trust, urgency, and lack of awareness. Most victims are not hacked in the traditional sense; they are persuaded to voluntarily share information or grant access to their devices.
As digital services continue to become part of everyday life, awareness remains one of the most effective safeguards against cybercrime. Understanding that legitimate organisations do not ask for OTPs, passwords, PINs, or remote access for KYC verification can help users avoid becoming victims of these increasingly common scams.
