Ahmedabad: Cybercrime police on Tuesday arrested four individuals for allegedly orchestrating an AI-driven identity theft and banking fraud operation by manipulating Aadhaar-linked data and creating fake digital credentials.

DCP Cyber Crime Cell Dr. Lavina Sinha said the accused illegally accessed personal data and used UCL kits at CSC centres to change Aadhaar-linked mobile numbers. They then gained access to services such as the Unique Identification Authority of India (UIDAI) and DigiLocker, along with accounts in multiple banks, including IDFC First Bank, Kotak Mahindra Bank, City Union Bank and Jio Payments Bank. Once the registered mobile number was altered, OTPs were redirected to the fraudsters.

According to ACP Hardik Makadiya, each accused had a specific role. Kanu Parmar allegedly provided Aadhaar enrolment kits in exchange for commissions, while Ashish Valand acted as a middleman, distributing the kits and coordinating illegal access. Valand is also facing a prior case in Vadodara related to fake Aadhaar generation.

Mohammed Kaif Patel from Bharuch handled the technical aspect, using victims’ photographs to generate AI-based blinking videos through Google Gemini that could trick facial authentication systems. Deep Gupta from Jhansi supplied sensitive data, including Aadhaar numbers, photographs and alternate mobile numbers.

Investigators said the group sourced victim data through leaks or unauthorised access. They then replaced Aadhaar-linked mobile numbers, intercepted OTPs and took control of accounts. The deepfake videos, created from social media images, were used to bypass biometric verification by displaying them on screens.

Officials said this use of AI-generated deepfakes marks a significant escalation in cyber fraud tactics. The compromised identities were further used to open bank accounts and secure personal loans, causing financial losses to victims.

All four accused have been remanded to judicial custody. Authorities are now expanding the probe to determine the scale of the operation and identify additional suspects, including possible links in other states.

The case came to light after a 36-year-old resident of Thaltej discovered that fraudsters had taken control of their UIDAI services, digital payment accounts and DigiLocker using stolen OTPs and biometric data. The accused had uploaded forged documents, applied for loans across platforms and changed the registered mobile number and email ID, effectively locking out the victim. The fraud surfaced only when unusual loan enquiries appeared in the victim’s credit report. DeshGujarat