A disturbing trend is spreading across India — fraudsters are using leaked personal and business data to pose as government officials. They are calling citizens and company representatives on the phone and through WhatsApp, threatening them with legal action or arrest. These scams are becoming more sophisticated, often supported by fake identity cards and forged documents that look genuine at first glance.
What makes the situation worse is the careless attitude towards data protection. Many government departments and private businesses that collect citizens’ information show little concern for securing it. This lack of responsibility has created a goldmine for cybercriminals who exploit these leaks to deceive and extort people.
Fake Government Calls on the Rise
Many business owners and taxpayers have reported receiving aggressive calls from people claiming to represent the Union ministry of finance (MoF) or the ministry of corporate affairs (MCA). These callers demand confidential company or personal information, often using mobile numbers and refusing to properly identify themselves.
“@FinMinIndia @MCA21India do you have staffers making aggressive calls to companies and demanding information from mobile numbers? Are we required to respond to such calls where they do not say who they are? This appears to be a digital fraud based on information made available by you on the website! The person has sent an ID on WhatsApp. TrueCaller shows @IncomeTaxIndia, but it can be spoofed.”
In one specific case, a fraudster using the mobile number 8124166927 and identifying himself as Prashant sent a fake government ID card through WhatsApp. The card contained several glaring errors — including the false claim that it was jointly issued by both the MoF and MCA, which is impossible since no single ID can be issued by two separate ministries. It also had visible graphical flaws, clearly confirming it was a forged document.
Official Clarifications
The
income tax (I-T) department responded to these incidents, stating: “We would like to reiterate that the Income Tax Department has been regularly issuing advisories cautioning taxpayers to stay vigilant against fraudulent calls, emails, or messages impersonating the Department.”
Similarly, the ministry of corporate affairs (MCA) issued a warning on its official social media handle @MCA21India:
While these advisories are welcome, many citizens have questioned the lack of action against specific phone numbers and individuals involved in these impersonation scams. One user responded pointedly:
“This is great. But how about some action against the numbers? 8124166927 shows the name of the person as Prashant on WhatsApp and shared a fake government ID full of graphical errors.”
These fraudulent calls underscore how personal and business data—often accessible through public databases or leaked from insecure platforms—are being exploited by cybercriminals. The stolen information is now being weaponised to impersonate officials, threaten people and extract money or confidential details.
A few days ago, a former colleague called to share her experience with a suspicious phone call. She had received several calls from people claiming to represent a private insurance company — the same company with which she holds a policy. The callers even quoted her correct policy number and said they wanted to visit her home for a ‘courtesy call’ and if she could share her address.
When she questioned why they needed her address if they already had her details as a policyholder, the caller replied that her information was stored with ‘a different department’ and that he only had her mobile number. That explanation immediately raised red flags — a genuine representative from an insurance company would have access to the customer’s full details, including address. This was clearly a fraudulent call attempting to collect more personal information or even some other ulterior motive.
I also reassured my colleague that she shouldn't blame herself for sharing her address over the phone. No one eventually turned up at her home on the scheduled date and time — a typical sign of a scam. The truth is, much of our personal data today is already available online, either for free or for a price, making everyone vulnerable to such fraud attempts. I told her to remain cautious and install a CCTV camera near her door, if one was not already in place (either installed by her or her housing society).
The Dark Side of Online Car Resale Platforms
The problem doesn’t end with fake government impersonations. Data shared with private businesses—particularly second-hand car sale and purchase platforms—is also being misused. Several users have reported serious privacy breaches, including threatening calls and even police involvement, after sharing their identity and vehicle details with car resale agents and apps.
One of the platforms frequently mentioned in user complaints is Cars24 which facilitates the buying and selling of used vehicles. The company has already earned criticism for flooding users with unwanted promotional SMS. However, beyond nuisance messaging, there are far more worrying reports of data mishandling and unsafe ownership transfers.
Car Sale Gone Wrong
One
user posted on X stating,
“The way the car used in the #RedFort blast changed hands gives goosebumps about how old cars are sold in this country. Not just local agencies but even reputed ones like @cars24india leave you scared. As my diesel car clocked 10 years, I sold it off in 2023. The agency made me sign blank transfer papers, saying the car would be transferred to their name. Within days, I started getting calls from different people identifying themselves as Mr Khan from Gujarat — a new person every day. They had my Aadhaar and PAN details, which I had given to the agency and were apparently leaked. They wanted me to appear at RTO Gurugram to give an NOC for the transfer. I refused, saying I had already handed over the car to the agency. Then came threats and arguments — and suddenly, one day, the calls stopped. To this day, I don’t know who owns that car or what it’s being used for. There must be a proper, verified buyer-seller process in the resale of old cars.”
Loan Trap
Another
user shared a more horrifying incident. He says,
“I bought a used car from @cars24india in 2022. The very next day, I was waylaid by a gang from Bajaj Finance in the heart of Gurgaon’s office district and forced to hand over the vehicle. Apparently, the earlier owner had not cleared the loan!”
These accounts expose a serious systemic flaw in how sensitive data and vehicle ownership records are managed in India’s used car market. Incomplete registration processes, careless handling of personal documents, and weak verification systems have left ordinary consumers vulnerable to fraud, harassment, and legal complications.
How Cybercriminals Exploit the Data
1. Data Harvesting
Fraudsters mine leaked databases, online portals and business listings to collect personal, corporate and vehicle-related information. This data, either stolen or obtained from the dark web by paying some money, becomes the foundation for a range of targeted scams.
2. Fake Identity Creation
Using the harvested data, scammers forge official-looking ID cards, seals, and even digital signatures to pose as government officials or authorised agents. These fake credentials often look convincing enough to deceive unsuspecting victims.
3. Threat and Extortion
Once trust is established, victims receive intimidating phone or WhatsApp calls claiming non-compliance or pending investigations. The scammers then demand money or confidential information under the threat of legal action.
4. Misuse of Vehicle Data
In cases involving second-hand vehicles, fraudsters exploit incomplete vehicle registration certificate (RC) transfers or leaked ownership documents to blackmail sellers and buyers. They often pressure victims into appearing at regional transport offices (RTOs) or paying ‘settlement fees’ to avoid trouble.
India’s Massive Data Exposure Problem
These scams are thriving because of years of unchecked data breaches that have exposed sensitive personal and institutional information to criminals worldwide.
As far back as 2018, India witnessed one of the largest data breaches in the world. The World Economic Forum’s Global Risks Report 2019 highlighted that the Aadhaar database — the government’s ID repository containing records of 1.1bn (billion) citizens — had suffered multiple security breaches.
According to the report:
The situation has worsened in recent years. In 2022, a massive ransomware attack on the All-India Institute of Medical Sciences (AIIMS) paralysed its centralised records and hospital services. The Indian Computer Emergency Response Team (CERT-In) found that the attack was enabled by improper network segmentation. The then minister of state for electronics and IT, Rajeev Chandrasekhar,
confirmed that the breach was carried out by unknown threat actors.
In 2023, the Indian Council of Medical Research (ICMR) suffered another serious breach that allegedly exposed the personal details of over 815 million Indians. The US-based cybersecurity firm Resecurity reported that on 9 October 2023, a hacker using the alias 'pwn0001' offered access to the Indian citizen Aadhaar and passport database on a dark web forum.
The scale of such leaks keeps expanding. In 2024, cybersecurity researchers uncovered a massive dataset containing more than 26 billion leaked records from global platforms like LinkedIn, X (formerly Twitter), Snapchat, Weibo and Tencent. The data, amounting to 12 terabytes (TB), was discovered by Security Discovery and Cybernews,
sparking fresh concerns about privacy and identity theft.
This widespread exposure of personal, medical and government data has created a perfect environment for cybercriminals. Armed with stolen information, they can now impersonate officials, misuse citizen records, and launch targeted extortion or financial scams with frightening precision.
How to Stay Safe
- Ignore Suspicious Calls or Messages:
Do not respond to phone calls or WhatsApp messages from people claiming to be government officials, especially if they use mobile numbers or send documents via WhatsApp.
- Protect Your Personal Information:
Never share copies of your Aadhaar card, PAN, or vehicle registration certificate with unverified agents, portals, or apps.
- Avoid Signing Blank Papers:
When selling a vehicle, never sign blank transfer or authorisation forms. Always ensure the buyer’s name, date, and transaction details are clearly filled in.
- Verify Official Communication:
Cross-check all messages or notices through official department websites or helplines, not through WhatsApp or private numbers.
- Report Fraud Immediately:
If you receive fake ID cards, threatening calls, or suspicious messages, report them to the national cybercrime helpline (1930) or file a complaint at www.cybercrime.gov.in
India’s ongoing data leaks—across both public and private systems—have created fertile ground for fraudsters to impersonate officials and exploit citizens. From fake MCA inspectors to car resale scams, the message is clear: your personal data has become the new currency of crime.
Stay calm, verify every claim, and never allow anyone to pressure you into sharing details or making payments over a phone call or WhatsApp chat. Remember, genuine government agencies never operate this way.
Protect your data. Question every suspicious message.
Stay Alert, Stay Safe!
How To Report Cyber Fraud?
Do report cybercrimes to the National Cyber Crime Reporting Portal
http://cybercrime.gov.in or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.
One such complaint on social media asked :
