CloudSEK Exposes PrintSteal: Fraud Network Targeting KYC Document Generation by Impersonating Common Service Centers (CSCs)

CloudSEK has exposed a large-scale fraudulent network responsible for creating and circulating fake Know Your Customer (KYC) documents across India. CloudSEK, a cybersecurity intelligence firm leveraging AI capabilities, uncovered this sophisticated operation, which has been impersonating official Common Service Centre (CSC) portals to offer fake KYC services.

The operation, referred to as PrintSteal by CloudSEK, has been active since at least 2021 and relies on a widespread network of local mobile shops and cyber cafés to distribute counterfeit documents, including Aadhaar downloads and address updates. These unauthorized websites lure unsuspecting individuals by offering essential KYC services at low prices, bypassing standard authentication processes.

Key Findings from the CloudSEK Investigation

Large-Scale Fraud Network

CloudSEK found that over 1,800 domains are linked to the PrintSteal operation, with more than 600 domains currently active. These websites facilitate the easy creation of fake KYC documents.

Fake Document Generation at Scale

The investigation revealed that over 167,391 fraudulent documents were generated through the platform “crrsg.site.” Among these, over 156,000 fake birth certificates were identified.

Extensive Operator Network

Over 2,727 operators are registered on “crrsg.site,” primarily consisting of local mobile store owners and internet café operators. These operators act as middlemen, helping distribute fake documents to individuals.

Financial Profits

CloudSEK estimates that the platform “crrsg.site” alone generated approximately ₹40 lakh in revenue. This figure represents only a fraction of the potential profits, as similar platforms are believed to exist and operate.

Advanced Setup and Secure Communication

The CloudSEK investigation also highlighted the sophisticated infrastructure of the operation. The scammers use encrypted communication channels like Telegram, along with illicit APIs that access Aadhaar and PAN data. They also deploy structured payment systems and pre-designed templates to generate fake documents quickly.

Widespread Geographical Presence

The CloudSEK report confirmed the PrintSteal operation has been detected in 24 Indian states. Bihar accounted for 55.9% of the fake documents, while Uttar Pradesh followed with 22.6%.

How the PrintSteal Fraud Works

Creation of Fake Websites

Scammers set up websites that mimic the official Common Service Centre (CSC) portals. These websites appear authentic to unsuspecting users.

Easy Access to Fake Documents

The fraudulent websites offer KYC documents, including Aadhaar and PAN cards, for low prices. These sites emphasize quick service to attract customers.

Involvement of Local Shops

Local cyber cafés and mobile shops join the operation, acting as intermediaries who bring customers into the scheme. They enter customer details into the fake websites.

Document Forgery Process

The fake platforms use pre-made templates and the customer’s details to instantly generate forged documents.

Fake Verification QR Codes

To make the documents appear genuine, the scammers embed QR codes. When scanned, these QR codes link to other fake websites designed to appear as official verification portals.
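An added example, not from the CloudSEK report: a relying party that scans the QR code on a presented document can refuse to trust the landing page unless the decoded URL's host is exactly one of the issuer's known verification hosts. The host `verify.issuer.example` is a placeholder assumption and the sample URLs are constructed; `crrsg.site` is the platform named in the findings above.

```python
from urllib.parse import urlsplit

# Assumption: placeholder allowlist. Replace with the verification hosts
# published by the authority that actually issues the document.
OFFICIAL_HOSTS = frozenset({"verify.issuer.example"})


def check_qr_url(url, allowed=OFFICIAL_HOSTS):
    """Return (ok, reason) for a URL decoded from a document's QR code."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        # "https://official-host@other-host/" displays the official name
        # first but connects to other-host.
        return False, "userinfo in URL"
    if port not in (None, 443):
        return False, "non-default port"
    if not host:
        return False, "no host"
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "IDN or punycode host"
    # Exact match only: a suffix or substring test would accept
    # "verify.issuer.example.crrsg.site".
    if host not in allowed:
        return False, "host not on allowlist"
    return True, "ok"


# Constructed sample inputs (not taken from the report).
SAMPLES = [
    "https://verify.issuer.example/check?id=123",
    "https://verify.issuer.example.crrsg.site/check?id=123",
    "https://verify.issuer.example@crrsg.site/check?id=123",
    "http://verify.issuer.example/check?id=123",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_qr_url(sample), sample)
```

The check only establishes that the QR code points at an expected host; the document's details still have to be confirmed against the record that host returns.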

Profit Distribution Model

The middlemen (local shops) pay the scammers a small fee for every fake document generated. In turn, they charge higher fees to customers, earning profits from the price difference.

Operational Concealment

To avoid detection, the scammers use encrypted messaging platforms like Telegram for communication and frequently change domain names to evade law enforcement.

Expert Insights from CloudSEK

A CloudSEK security researcher highlighted the alarming ease with which these fake documents are being produced and sold. They noted that the scale of the operation underscores a significant cybersecurity and regulatory challenge for India.

“The ability to generate fake KYC documents so easily creates severe risks, including identity theft and financial fraud. It is vital for government agencies, law enforcement, and cybersecurity experts to collaborate and dismantle these networks,” said the researcher from CloudSEK.

Recommendations from CloudSEK

The CloudSEK report outlines several measures to counter the PrintSteal threat, including:

  • Swift law enforcement action to identify and prosecute key figures.
  • Working with hosting providers to take down fraudulent domains.
  • Targeted investigations to disrupt the network of affiliate operators.
  • Enhancing security and verification protocols for all KYC services.
  • Running public awareness campaigns to educate citizens about fraudulent KYC websites.
  • Encouraging international cooperation to combat such cybercrimes.
