Modus operandi: “Analysis of modus operandi of AePS cyber financial frauds reveals that biometrics information uploaded on states’ registry websites (registration of various deeds like sale deed, agreement to sale, etc) are downloaded by criminals, which is then further ‘cloned’ to carry out unauthorised withdrawals using AePS. Revenue and registration authorities may be requested to mask the fingerprints on the documents publicly available,”

In a letter dated 21 February, the Indian Cyber Crime Coordination Centre (I4C) — the MHA’s nodal agency to tackle matters related to cybercrime — wrote that cybercriminals are “cloning” the biometric data of Aadhaar users uploaded on states’ registry websites that host sale deeds and agreements. ThePrint has seen a copy of the letter.

This data is “cloned” with the intention of carrying out unauthorised withdrawals through AePS, the I4C wrote. The agency asked the state and UT governments to direct their revenue and registration departments to “mask” the fingerprints on documents while uploading them on the registry websites.