The Indian Cybercrime Coordination Centre (I4C) under the Ministry of Home Affairs (MHA) has issued a cybersecurity advisory warning that cybercriminals are increasingly using AI-generated deepfakes and synthetic identities to bypass facial authentication, liveness verification, Video-KYC procedures and account recovery systems. The advisory highlights growing risks to banks, fintech firms and digital financial services from sophisticated AI-powered identity fraud.
Key Highlights
✅ I4C issues advisory on AI-driven authentication bypass threats
✅ Deepfake videos and synthetic identities being used for fraud
✅ Facial authentication and Video-KYC systems under threat
✅ Fraudsters collecting facial data through fake interviews and video calls
✅ Financial institutions urged to deploy deepfake detection technology
✅ Consumers advised to lock biometrics and monitor login alerts
✅ SIM swap attacks may be used alongside identity theft attempts
✅ Immediate reporting of suspicious activity can help prevent losses
The Indian Cybercrime Coordination Centre (I4C), under the Ministry of Home Affairs (MHA), has issued a critical advisory warning citizens, financial institutions and fintech companies about the growing threat of AI-driven authentication bypass attacks targeting India’s financial infrastructure.
According to the advisory, cybercriminals are increasingly leveraging Artificial Intelligence (AI), deepfake technology and synthetic identities to circumvent facial authentication systems, liveness verification checks, Video-KYC procedures and account recovery mechanisms used across banking and digital financial platforms.
The advisory warns that fraudsters are exploiting advanced AI tools to create highly realistic digital replicas capable of mimicking an individual’s facial expressions, eye movements, voice patterns and behavioral characteristics. Such AI-generated content may be used to gain unauthorized access to financial accounts, digital wallets and online services if appropriate detection systems are not in place.
I4C noted that cybercriminals often begin their operations by contacting potential victims through social media platforms, messaging applications, job portals, dating websites and direct phone calls. These interactions are designed to obtain facial recordings and personal information without raising suspicion.
The advisory highlighted that victims may unknowingly provide valuable biometric data during fake job interviews, deceptive video calls or social engineering attacks where they are asked to look at the screen, turn their head, blink repeatedly or speak specific phrases. These interactions can be secretly recorded and later processed using AI-powered deepfake generation tools.
Once sufficient facial data has been collected, fraudsters may create synthetic identities capable of imitating genuine users. In the absence of effective deepfake detection systems, such content could potentially bypass facial authentication and liveness verification technologies employed by financial institutions.
The advisory further cautions that successful authentication bypass attempts may facilitate fraudulent KYC verification, unauthorized digital wallet activation, account takeover incidents and financial identity theft. Criminals may also use these synthetic identities to open or activate financial accounts for illegal activities.
To address these emerging threats, I4C has urged customer onboarding systems, banks, NBFCs and fintech companies to integrate advanced deepfake and synthetically generated content detection mechanisms into their verification processes. The agency emphasized that strengthening authentication frameworks is critical for protecting digital financial ecosystems.
The advisory also outlines important precautions for consumers. Users are encouraged to lock their biometric credentials wherever such options are available, regularly monitor email notifications for suspicious login attempts and review account activity for signs of unauthorized access.
I4C stressed that victims should immediately report any suspected financial fraud, identity theft or unauthorized transactions. Quick reporting can significantly improve the chances of freezing siphoned funds before they move through the banking network. Citizens are advised to file complaints through the National Cyber Crime Reporting Portal and share all available evidence, including fraudsters’ contact numbers, communication records and suspicious video links.
Additionally, the advisory warns consumers to remain alert to possible SIM swap fraud. If a mobile connection suddenly stops functioning without explanation, users should immediately contact their telecom service provider to verify that a fraudulent SIM replacement has not occurred.
As AI technology becomes increasingly sophisticated, cybersecurity experts believe that awareness, robust deepfake detection capabilities and rapid incident reporting will play a crucial role in defending India’s financial infrastructure against emerging cyber threats.
FAQ Section
What is the I4C advisory about?
The advisory issued by the Indian Cybercrime Coordination Centre (I4C) warns about cybercriminals using AI-generated deepfakes and synthetic identities to bypass facial authentication and digital verification systems.
How do fraudsters collect facial data ?
Cybercriminals may gather facial recordings through fake video calls, fraudulent job interviews, social media interactions, dating platforms and other social engineering tactics.
What is a deepfake ?
A deepfake is AI-generated synthetic media that can realistically imitate a person’s face, expressions, eye movements and voice.
Why are banks and fintech companies being targeted ?
Many financial institutions rely on facial authentication, liveness verification and Video-KYC systems, making them attractive targets for identity-based fraud.
How can consumers protect themselves ?
Consumers should lock biometric credentials, avoid sharing facial recordings with unknown individuals, monitor account activity and report suspicious activity immediately.
What should I do if I suspect identity theft ?
Report the incident immediately through the National Cyber Crime Reporting Portal, notify your bank and preserve all available evidence related to the fraud.
