Recent hours have seen a surge in cybersecurity incidents, from high-profile bank frauds to judicial interventions protecting consumers. This report compiles the latest developments, categorized by key themes.
Judicial Reinforcement of RBI’s Zero-Liability Protections
A Delhi court has set a landmark precedent by ordering Indian Bank to release ₹77,000 withheld from a cyber fraud victim who reported the unauthorized transaction on the same day it occurred. The ruling underscores the Reserve Bank of India (RBI)’s 2017 framework, which mandates zero liability for customers if fraud is reported within three working days—even if the culprit remains at large. The court criticized the bank’s attempt to deny liability through an internal committee, reiterating that banks bear the burden of proving customer negligence with conclusive evidence.
The RBI’s framework—titled ‘Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions’—covers phishing, OTP fraud, SIM swaps, and card cloning. Banks are now legally obligated to maintain 24/7 complaint mechanisms (via SMS, email, toll-free helplines, and mobile apps) and robust fraud detection systems. Legal experts emphasize that victims must preserve SMS alerts, screenshots, and call logs as evidence and never share OTPs/PINs to strengthen recovery claims.
Advocate Nitika Jain (CMS INDUSLAW) advises victims to lodge complaints on the National Cyber Crime Reporting Portal or call the helpline (1930). The Delhi court’s ruling aligns with Clause 12 of the RBI Circular, which states that banks cannot unilaterally override consumer protections based on internal findings. The judgment also clarifies that losses occurring after fraud reporting must be borne by the bank.
High-Profile Bank Frauds: IAS Officers, Shell Companies, and Government Funds Misappropriation
The Haryana government has granted the CBI permission to probe five IAS officers linked to the ₹590-crore IDFC First Bank fraud, following a Section 17A approval under the Prevention of Corruption Act (PCA). The CBI’s investigation expands on a State Vigilance Bureau report that uncovered irregularities in government funds deposited in IDFC First Bank and AU Small Finance Bank.
Key revelations include:
- Amit Dewan (HPGCL Finance Director) allegedly received ₹25–50 lakh in cash 2–3 times monthly from Ribhav Rishi, the mastermind and former IDFC branch manager. Rishi’s delivery boys facilitated these payments, starting with IPL tickets in April 2025.
- Two major frauds at the IDFC First Bank’s Sector 32 branch (Chandigarh):
- ₹83-crore CREST fraud: Involved 300 unauthorized transactions, forged bank statements, and ₹75.16 crore principal shortfall. Funds were converted into jewellery, bullion, and real estate. Unmasking Financial Fraud provides detailed insights into such large-scale bank frauds.
- ₹117-crore CSCL-MCC fraud: Featured a hidden account with 11 fictitious FDs (₹116.84 crore) and fabricated FDR numbers. Explore the intricate details of the IDFC First Bank fraud to understand the depth of these financial crimes.
- Shell companies (RS Traders, CAPCO Fintech, Swastik Desh Project) were used to siphon funds from eight Haryana government departments. The CBI has arrested 16 accused so far, including bank officials and two suspended IAS officers. For a detailed report on the CBI’s ongoing investigation, refer to the latest updates from The Hindu.
The CBI’s custodial interrogation of Dewan and businessman Vikram Wadhwa (who received ₹75 lakh from the defrauded CREST account) aims to trace the money trail and expose the larger conspiracy. The Punjab Governor transferred both cases to the CBI on April 27, 2026, citing interstate ramifications.
Mule Accounts and the ₹152-Crore Cyber Scam Network
A single complaint in Nizamabad (Telangana) unraveled a nationwide mule account racket involving 46 accounts and ₹152.18 crore in illicit transactions across 14 states. The probe began when a 32-year-old victim (Citizen L) lost ₹1.04 lakh to a fake investment app, leading police to a private bank’s current account (56820000100031001)—a money mule hub linked to frauds in Uttar Pradesh, Bihar, Gujarat, and Telangana.
Key findings:
- The Nizamabad account was first flagged in June 2024 for a ₹4-lakh investment fraud in Noida (UP), but the probe stalled due to jurisdictional challenges.
- Handler Gudumala Nithish and account holder Mohammad Abdul Jawed were arrested after Citizen L’s complaint. Nithish’s phone revealed 13 current accounts with ₹31.07 crore in fraudulent transactions. Bank collusion was suspected, as 106 accounts opened between 2024–2026 were scrutinized, with 46 linked to cybercrimes.
- Victims across states lost sums ranging from ₹32,000 (Bihar homemaker duped via impersonation calls) to ₹13 lakh (Hyderabad official lured by a fake stock app). Recovery remains elusive as funds were transferred across multiple accounts.
Shikha Goel (Director, Telangana Cyber Security Bureau) explained that mule accounts are sold to criminal syndicates and may operate for multiple fraudsters simultaneously. The CyberDost initiative (Ministry of Home Affairs) warns citizens against renting/selling bank accounts, emphasizing that legal consequences include money laundering charges.
Emerging Scam Trends: SIM Swaps, Romance Fraud, and AI-Generated Deceptions
SIM Swap Fraud and Number Spoofing
The BBC (September 2025) reported a rise in SIM swap fraud, where criminals hijack phone numbers using personal data shared on social media to steal bank security codes and empty savings accounts. Which? (UK consumer watchdog) highlighted weak email security as a facilitator and questioned whether mobile networks are doing enough to protect users.
Number spoofing—where scammers impersonate bank phone numbers—remains rampant. Which? advises victims to hang up, wait 15 minutes, and call 159 (UK’s bank verification line) to confirm authenticity. Common spoofing scams include:
- Car finance texts (mis-sold finance claims).
- TV licence renewal emails.
- Apple billing alerts (fake payment issues).
- National Rail ‘free earbuds’ offers.
Romance Fraud and AI-Generated Scams
Romance fraud cost UK victims £102 million in 2025, with older adults (55–74 years) and women bearing the highest losses. Fraudsters use AI-generated images/messages to create fake dating profiles, often luring victims into cryptocurrency investment scams.
Neighbourhood Alert warns of fake social media events (e.g., Buckingham Palace markets, hot air balloon festivals) advertised using AI-generated videos. Which? provides tools to identify AI fakes, such as:
- Reverse image searches (to detect AI-manipulated photos).
- Checking for inconsistencies in event details (e.g., venue addresses).
- Verifying ticket sellers via official platforms.
CyberDost’s Warning on Mule Account Misuse
Sharangopinath (SP, CyberDost) outlines red flags for bank account misuse:
- Unauthorized account openings under your name.
- Requests to ‘receive and transfer’ money (a hallmark of mule account operations).
- Calls from unknown individuals instructing cash withdrawals.
Victims are urged to report fraud immediately via 1930 or the National Cyber Crime Reporting Portal. The Instagram reel on mule accounts garnered 3.3K likes, with users praising the awareness drive.
Final words
The past 48 hours have revealed systemic vulnerabilities in digital banking, public-sector collusion, and transnational cybercrime networks. Judicial interventions and regulatory upgrades offer consumer safeguards, but the scale of mule account operations and evolving scam tactics demand heightened vigilance. Citizens are advised to monitor bank accounts, report fraud instantly, and educate vulnerable groups on AI scams and romance fraud. Report frauds immediately