Stay updated with the latest - Click here to follow us on Instagram
© The Indian Express Pvt Ltd
Tags:
Journalism of Courage
In focus
In a six-month-long operation, Delhi Police said it dismantled what it described as a major cybercrime syndicate that defrauded State Bank of India credit card holders across the country, siphoning off more than Rs 2.6 crore.
The Police said Saturday that 18 people had been arrested, including the alleged masterminds, insiders at a Gurgaon call centre, SIM card suppliers, cryptocurrency handlers and field operatives. The network was operating out of Kakrola and Uttam Nagar in Dwarka, the police added.
The police said the syndicate was run much like a company, with divided roles and responsibilities. The scheme began with employees at a Gurgaon-based call centre, which had authorisation to handle SBI’s Card Protection Plan services. Those employees, police said, leaked customer information — including names, registered mobile numbers and partial card details — with particular focus on clients enrolled in the protection program.
The data was passed on to callers who posed as bank executives. According to police, those callers used scripted conversations to persuade victims that they were dealing with genuine customer service representatives.
“The pretext for these calls commonly involved offering assistance, renewal, or verification of CPP benefits, thereby creating a facade of legitimacy and instilling trust in the victim,” said Vinit Kumar, deputy commissioner of police with the Intelligence Fusion and Strategic Operations unit.
During the calls, the accused deployed fabricated terms such as One Time Permission and Customer Value Verification Code to manipulate victims into handing over authentication details like one-time passwords and card verification values. “The process was executed in real time, allowing the syndicate to immediately utilize the stolen credentials to conduct unauthorized online transactions,” Kumar added.
The stolen data was then used to purchase electronic gift cards from platforms including EaseMyTrip and Woohoo. Those gift cards were sold to travel agents and intermediaries, who used them to buy domestic airline tickets. The gang was paid in cash or cryptocurrency, often in the form of Tether, police said. The cycle was repeated across multiple states, with callers deliberately avoiding customers in Delhi to avoid drawing scrutiny.
In the crackdown, the police seized 52 mobile phones, dozens of SIM cards and sensitive customer data. Police identified the alleged ringleaders as Ankit Rathi, Waseem and Vishal Bhardwaj. Two call centre employees, Vishesh Lahori and Durgesh Dhakad, were accused of leaking customer information.
Others arrested included operational handlers Rahul Vishwakarma, Pawan Bisht, Kailash Purohit, Himanshu Chugh and Ravin Saini, as well as finance operatives Akhilesh Lakhotia and Harsh Chauhan. Another man, Shivam Sehrawat, was accused of supplying SIM cards to the group.
“It is a matter of grave concern that sensitive data has been consistently leaked by employees of a major call centre,” Kumar said. He added that employees hired as far back as 2019 had been systematically leaking company data for years.
“This alarming breach not only exposes the company’s inability to safeguard confidential information but also raises urgent questions about the adequacy of its security protocols and monitoring systems,” he said. “Given that the call centre holds critical data of major banks in India, this breach represents a severe financial risk and positions the company as a significant source of data leakage leading to cyber financial frauds.”
Stay updated with the latest - Click here to follow us on Instagram
