Lucknow Cyber Fraud: ₹8.82 Lakh Stolen via Fake UPI Profile in Thakurganj
Lucknow Cyber Fraud: ₹8.82 Lakh Stolen via Fake UPI Profile

Major Cyber Fraud Uncovered in Lucknow: ₹8.82 Lakh Siphoned Through Fake UPI Profile

In a significant cybercrime incident that has sent shockwaves through the community, authorities in Lucknow have uncovered a large-scale fraud operation involving sophisticated identity theft and unauthorized UPI transactions. The case, centered in the Thakurganj area, resulted in the alleged theft of ₹8.82 lakh from multiple bank accounts of a local resident through a fraudulent profile created on the FI Money platform.

How the Elaborate Fraud Was Executed

According to a detailed complaint filed by a resident of Campbell Road, unidentified cyber criminals orchestrated a multi-layered attack that began with stealing the victim's Aadhaar-linked identity and mobile number. The fraudsters then created a deceptive UPI ID—pepark-1@fifederal—under the fabricated name "Pepar Kumar," complete with an associated email account to operate the fraudulent profile.

The most alarming aspect of this scheme was the unauthorized linking of four different bank accounts to this fake UPI profile without the account holder's knowledge or consent. This enabled the perpetrators to access funds across multiple financial institutions simultaneously.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

Timeline and Magnitude of Financial Losses

The unauthorized transactions occurred between September and December 2025, with a particularly intense period of activity from October 4th to October 8th. During this concentrated four-day window, the fraudsters executed their most damaging thefts.

  • Indian Overseas Bank account: Suffered the heaviest loss of ₹7.32 lakh, all withdrawn within just four days
  • State Bank of India account: Experienced a loss of ₹1.49 lakh over a more extended period

The total financial impact reached ₹8.82 lakh, representing a substantial blow to the victim's financial security.

Investigative Focus: SIM Swap as Primary Method

Cybercrime officials investigating the case have identified SIM swap as the most probable technique used by the fraudsters. This sophisticated method involves criminals obtaining a duplicate SIM card of the victim's registered mobile number through forged identity documents or by manipulating telecom service agents.

Once the duplicate SIM becomes active, the victim's original SIM card ceases functioning entirely. This critical switch allows all One-Time Passwords (OTPs) and banking alerts to be diverted directly to the fraudster's device. With this level of access, criminals can easily create UPI IDs on various platforms, link multiple bank accounts, and transfer funds without detection.

Alternative Theories Under Investigation

While SIM swap remains the leading theory, investigators are also exploring other potential methods that could have facilitated this extensive fraud:

  1. Malware infiltration: The victim may have unknowingly installed malicious applications through deceptive links, fake KYC update messages, or compromised WhatsApp APK files
  2. Remote access applications: Certain malicious apps can grant fraudsters the ability to read SMS messages containing OTPs and even gain remote control of the victim's device

These alternative methods would similarly enable unauthorized transactions by bypassing standard security protocols.

Essential Protective Measures Against Cyber Fraud

In light of this sophisticated fraud case, cybersecurity experts emphasize several critical precautions that individuals should implement to protect their financial assets and personal information:

Pickt after-article banner — collaborative shopping lists app with family illustration
  • Monitor network connectivity: Sudden "No Network" messages on your mobile device could indicate a SIM swap attempt—contact your telecom provider immediately
  • Secure Aadhaar-linked information: Keep your Aadhaar-linked mobile number confidential and avoid sharing it publicly or on unfamiliar websites
  • Exercise caution with applications: Only download apps from official stores like Google Play Store and avoid installing unknown APK files
  • Conduct regular device audits: Check your phone frequently for unfamiliar applications and immediately uninstall anything suspicious
  • Review banking communications: Read all bank SMS alerts carefully, paying attention to even small or unfamiliar transactions
  • Enable comprehensive notifications: Activate banking alerts and app notifications to receive instant updates about any account activity
  • Implement device security: Use strong screen locks and app locks to prevent unauthorized access to your smartphone
  • Report incidents promptly: Immediately report any suspected fraud by calling the cyber helpline at 1930 or filing a report on cybercrime.gov.in

Warning Signs That Demand Immediate Attention

Several indicators should trigger immediate protective action:

  • Unexpected loss of mobile network connectivity
  • Unfamiliar applications appearing on your device
  • Unusual SMS alerts from your banking institutions
  • Financial transactions you don't recognize or authorize

This Lucknow case serves as a stark reminder of the evolving sophistication of cyber criminals and the critical importance of maintaining vigilant digital security practices in an increasingly connected financial ecosystem.