Massive Data Leaks in India Spark Surge in Fake ID Extortion Scams

There has been a worrisome trend spreading throughout India, with scammers using exposed personal and corporate data to pose as government officials. According to a recent report local news channel, scammers have contacted residents of India and company representatives via phone number and WhatsApp, threatening them with arrest or legal action.

It is important to characterize the development of scammers using increasingly advanced ways of committing fraud, often now utilizing fake ID cards and fake documents that look real.

An Increasing Trend in India Scams Impersonating Government Officials

The main concern in all this is the carefree attitude towards user data protection. The majority of private firms and government agencies that curate residents’ details pay little attention to protecting them. This absence of responsibility has established a trove for threat actors who exploit these vulnerabilities to fool and extort citizens. While these scams are proliferating, Indian authorities are also scoring significant wins. In a recent major crackdown where Indian police busted a ₹84 crore ($10M) cyber scam and arrested 12 suspects, showing a determined pushback against organized cybercrime.

Recently, numerous taxpayers and company owners have reported getting aggressive calls from individuals posing as representatives from the MCA  or the MoF. Notably, these scam-callers demand personal information or confidential company details, often via mobile calls. Also, they reported that these scammers usually refuse to adequately identify themselves.

One complaint even took to X, tagging the MCA and MoF, asking if they are responsible for the rampant callers posing to represent them, who are demanding sensitive information. The user noted that the callers refuse to “say who they are,” therefore, it might be an online fraud capitalising on the details on the agencies’ websites.

The user further added that the caller sent an identity card on WhatsApp, and that TrueCaller showed the ID was that of @InconmeTaxIndia. However, this can be spoofed using any reliable platform.

In one instance, a criminal, using the mobile number 8124166927 and going by the name Prashant, sent a fake government ID card via WhatsApp. The ID card had multiple noticeable errors, such as falsely stating that it was jointly issued by MoF and MCA, which cannot be truthful, as there is no ID that could ever be issued jointly by two different ministries. Additionally, there were visible graphical errors on the card, which clearly confirmed that it was a fake document. The dark web is a common source for the tools and stolen data used to create these convincing forgeries, a problem that has prompted major crackdowns on the platforms that enable this trade, including the FBI’s takedown of prominent dark web platforms linked to a massive data heist.

Indian Officials Disclaim Scams

Shortly after, India’s Income Tax department commented on the incidents. The I-T department noted that it has been frequently sending advisories to taxpayers in the country. The Department has been warning that they remain watchful against fraudulent emails, messages, or calls that impersonate the agency.

Likewise, India’s Ministry of Corporate Affairs released a warning on its social media account about the scams. The agency cautioned that it would never reach out to customers and stakeholders by WhatsApp or mobile calls concerning enforcement actions or non-compliance.

It also warned that users should not engage or interact with unknown links or download documents from suspicious sources. Lastly, the MCA cautioned users against sharing their details via email or WhatsApp.