Indian financial institutions see surge in Deepfake-based fraud attempt: Report
New Delhi, May 18
Deepfake-enabled fraud, powered by artificial intelligence, is emerging as a new high‑impact attack vector that targets financial institutions, customers and transaction ecosystems, a report said on Monday.
The report from Seqrite, the enterprise security arm of cybersecurity solutions provider Quick Heal Technologies Limited said AI‑driven impersonation attacks that use synthetic voice, video and identity manipulation are increasingly able to bypass traditional verification mechanisms.
Attackers can mimic executives, relationship managers, or customers with high accuracy, enabling fraudulent authorisations, account takeovers, and real-time payment manipulation.
These attacks are particularly effective in environments where speed of transaction often outweighs verification depth, the report noted.
Over 265.52 million detections across more than 8 million endpoints were recorded between October 2024 and September 2025 with an average of 505 detections every minute.
Trojans accounted for about 43 per cent of detections and file infectors about 35 per cent, the report said, noting many campaigns relying on social engineering and identity deception to initiate compromise.
Financial institutions, by design, operate on trust-driven interactions across customers, vendors, and internal systems.
Deepfake-based fraud exploits this trust layer, embedding itself within legitimate communication channels such as calls, video verifications, and approval workflows, making detection significantly more complex.
Under the Digital Personal Data Protection (DPDP) Act, 2023, financial institutions are required to safeguard personal data and ensure secure processing across digital interactions.
A deepfake-led breach can lead to unauthorised access, identity misuse, and compliance violations, exposing organisations to regulatory penalties and reputational damage.
The report urged a shift from static identity verification to dynamic, behaviour-led validation. Institutions must strengthen multi-layered authentication, deploy anomaly detection across transaction flows, and monitor communication channels for manipulation signals.
The next phase of threats will be increasingly AI-driven, adaptive, and capable of bypassing conventional controls, it forecasted.
— IANS
Reader Comments
This is exactly why my parents, who are not tech-savvy, keep getting suspicious calls. The government and RBI should mandate a simple two-step verification for all transactions above ₹10,000. Also, awareness campaigns in regional languages would help a lot! 🤔
I’m a cybersecurity analyst, and we’ve been warning about this for years. The report’s suggestion of dynamic, behavioral-led validation is spot on. But implementation will be costly for smaller banks and NBFCs. Hope the government provides some incentives for upgrading security infra.
As someone who moved from the US to work in Mumbai’s fintech sector, I can say this is a global challenge. India’s digital payment ecosystem is way ahead, but that also makes it a bigger target. The 265 million detections figure is staggering—shows how proactive Seqrite is. Kudos! 👏
Honestly, I’m not surprised. I got a WhatsApp call from "my manager" asking for an OTP last month. Luckily, I smelled a rat. But what about the elderly or less educated folks? Banks need to educate customers directly—maybe send SMS alerts about new fraud types. Ab toh har hafte naya scam aa raha hai! 😤
This is a wake-up call for all of us. I manage a small CA firm, and we’re seeing clients getting tricked by deepfake videos of "CEOs". The DPDP Act penalties are huge, but compliance is expensive for MSMEs. Maybe banks can offer subsidized security audits for small businesses? Just a thought.
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.