ID Card Printing Scams Orchestrated by UP-Based Group Defrauds the Indian Public
Researcher: Aarushi Koolwal
Analysts: Abhinav Pandey & Vikas Kundu
Editor: Benila Susan Jacob
Despite India’s digital revolution, a large swath of the population still prefers physical copies over their digitized counterparts, especially when it comes to ID cards such as driving licenses, Aadhaar, etc. This need accounts for the existence of corner shops that provide ID printing services. However, with physical stores shutting down due to the pandemic, many have turned to the internet to avail of ID printing services.
This trend has led to threat actors jumping on the bandwagon by hosting fake websites and impersonating major Indian firms that claim to deliver hard copies of ID cards. Scores of Indian citizens have fallen prey to this scam. Since individual losses only amount to a few hundred rupees, victims and law enforcement are not in any hurry to dismantle these campaigns. But given the scale of the operation, it deserves closer investigation.
In this blog, we delve into the modus operandi of an Uttar Pradesh-based group that is running a large-scale ID card printing scam campaign, impersonating popular Indian brands to defraud the Indian public.
CloudSEK’s contextual AI digital risk platform XVigil uncovered an Uttar Pradesh-based threat group operating hundreds of fake ID printing websites, with the following shared characteristics:
There has been a significant increase in the usage of Aadhaar recently, and the demand for Aadhaar-based authentication grew between 2018 and 2021 (UIDAI Annual Report, 2020-21). This increase can be attributed to the enhanced use of Aadhaar along with other two-factor authentication (2FA) methods. The graph below depicts the use of Aadhaar for authentication, which touched an all-time high of 1,413.40 crore transactions in the 2020-21 fiscal year.
Whois data on newly registered domains reveals a noteworthy correlation between the number of malicious domains registered in 2020-21 and the hike in Aadhaar-based authentication.
XVigil’s routine scanning identified multiple fake domains advertising cheap printing and laminating services to scam people. Further investigation revealed multiple fraudulent websites advertising similar services with fake customer support numbers concentrated in the Western Uttar Pradesh region. A thorough examination of the campaign revealed that these websites are part of a large-scale campaign involving unauthorized access to victims’ KYC portals. Multiple complaints have been posted by the victims of these scams on various social media platforms such as Twitter and Facebook.
Unsuspecting users are deceived into visiting these malicious websites in either direct or indirect ways.
This is a method of spamming victims with messages, emails, or social media communication which contain URLs of the malicious websites, along with the promise of partnership and financial returns. The lure of easy money prompts the user into clicking the link and visiting the malicious website.
In this method, the malicious domains are distributed using SEO (Search Engine Optimization) techniques or other Social Media platforms.
The malicious domains uncovered as a part of CloudSEK’s investigation had the following shared characteristics:
Phone | Name | Email (If any) | Location |
---|---|---|---|
97615 02188 | Aman Kumar | N/A | Uttar Pradesh West |
97615 02191 | Liza Khan | [email protected] | |
76185 33517 | New Print/ Mohd Faiz | [email protected] | Uttar Pradesh West |
9546801090 | Gungun Mobile | N/A | Bihar |
8340469639 | Gungun Mobile Shop Pachrukhiya Internet World/ Rahul Patel | [email protected] | Bihar |
9761502183 | N/A | N/A | Uttar Pradesh West |
9761502184 | Print Karo Office | [email protected] | Kolkata |
8865953003 | Digital Pan Banking | [email protected] | Uttar Pradesh West |
9152500514 | Raj Br | N/A | Mumbai |
9536878878 | Kendra | [email protected] | Uttar Pradesh West |
9760606361 | Aadharsmartcard | N/A | Uttar Pradesh West |
01341-297075 | Washif New Print | N/A | Uttar Pradesh West |
[Image: A tweet from 2017 about a scam platform dubbed “Maza Aadhaar”]
[Image: The 2016 “Maza Aadhaar” scam targeted users under the pretense of Aadhaar plastic card printing services]
[Image: Images associated with the phone number 8865953003]