Cyble researchers examined a fraud operation in which impostors posing as Village Level Entrepreneurs duped CSC Bank Mitra subscribers through a counterfeit CSC registration portal and staged KYC-like interactions. The scheme leveraged the fake website ecscgov.co.in, forged documents, and multiple bank/UPI accounts to siphon funds from rural subscribers. #BankMitra #ecscgov
Key points
- Fraudsters impersonated CSC VLEs to lure rural subscribers into registering for Community Service Point (CSP) Bank Mitra via a fake portal.
- The fake site used was “ecscgov.co.in,” with victims directed through a fraudulent application form that collected identifying documents (Aadhaar, PAN, Voter Card).
- Communication with victims occurred over WhatsApp (number +919163270984), where operators posed as CSC personnel to gain trust.
- Victims received a counterfeit prospectus and commission charts, then login details for the fraudulent portal after paying fees that government rules say are not required.
- Financials involved multiple bank/UPI accounts: SBI (35387334400, Mohit Sharma), Axis Bank (922010024644297, Kundan Kumar), and additional accounts under Save Solution Pvt. Ltd. (Union Bank, Bandhan Bank).
- Open-source findings show several fraudulent domains (ecscgov.co.in, ecscgov.com, e-cscgov.co.in, e-csc.gov.co.in) and social media references; CSC alerted via official postings.
- Overall takeaway: weak credential verification and unverified VLE websites enable such frauds, underscoring the need for ongoing threat intelligence and domain monitoring.
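The domain monitoring mentioned in the takeaway can start from one observation: all four reported domains collapse to the same brand string once dots and hyphens are removed. The following is an added example, not code from the Cyble report; it assumes csc.gov.in is the genuine CSC zone, and the function names, URL paths, and the last three sample entries are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = "csc.gov.in"  # assumption: genuine CSC zone; replace with your own allowlist
BRAND = "cscgov"         # string left when the official name loses its separators

def squash(host):
    """Drop dots and hyphens so 'e-csc.gov.co.in' becomes 'ecscgovcoin'."""
    return re.sub(r"[^a-z0-9]", "", host)

def check_host(host):
    """Return the reasons a hostname looks like a CSC lookalike ([] if none)."""
    host = host.lower().rstrip(".")
    # Allowlist by suffix on a label boundary, never by substring.
    if ("." + host).endswith("." + OFFICIAL):
        return []
    reasons = []
    if BRAND in squash(host):
        reasons.append("brand-string")
    # A 'gov' label that is not part of the real gov.in zone mimics it visually.
    if "gov" in host.split(".") and not ("." + host).endswith(".gov.in"):
        reasons.append("gov-label-outside-gov.in")
    return reasons

def scan(urls):
    """Map each flagged hostname found in URLs or bare hostnames to its reasons."""
    hits = {}
    for url in urls:
        # urlsplit only fills .hostname when '//' precedes the authority part.
        host = urlsplit(url if "//" in url else "//" + url).hostname
        if host and check_host(host):
            hits[host] = check_host(host)
    return hits

SAMPLE = [  # the first four hosts are from the report; paths are constructed
    "http://ecscgov.co.in/register",
    "ecscgov.com",
    "https://E-CSCGOV.co.in/",
    "http://e-csc.gov.co.in/login",
    "https://www.csc.gov.in/",          # assumed genuine, must not be flagged
    "https://csc.gov.in.example.com/",  # constructed: official name used as a prefix
    "https://example.org/",             # constructed: unrelated
]

if __name__ == "__main__":
    for host, reasons in scan(SAMPLE).items():
        print(host, reasons)
```

Run against proxy, DNS, or newly-registered-domain feeds, the same check surfaces variants that are not yet on an indicator list.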
MITRE Techniques
- [T1566.002] Phishing: Spearphishing via Link – Fraudsters directed victims to visit a fake CSC portal to register and submit documents. Quote: “…directed by the fraudsters to visit and register on a fake website “ecscgov.co.in” …”
- [T1583.001] Acquire Infrastructure: Domain Names – Use of multiple fraudulent domains (ecscgov.co.in, ecscgov.com, e-cscgov.co.in, e-csc.gov.co.in) to host the bogus portal. Quote: “A DNS search on ecscgov.co.in and ecscgov.com revealed the following related fraudulent domains:”
- [T1036] Masquerading – Fraudsters impersonated CSC operators (VLEs) to gain victims’ trust. Quote: “pretending to be a CSC operator (also known as Village Level Entrepreneur or VLE).”
- [T1566.003] Phishing: Spearphishing via Service – Victims contacted via WhatsApp as the attack vector for recruitment and coordination. Quote: “…contacted the victim via WhatsApp using the mobile number +919163270984 – pretending to be a CSC operator…”
Indicators of Compromise
- [Domain] – ecscgov.co.in, ecscgov.com, e-cscgov.co.in, e-csc.gov.co.in (fraudulent domains used to host the portal and mislead victims)
- [IP Address] – 184.168.118.234 (ecscgov.co.in), 184.168.96.164 (e-cscgov.co.in)
- [Email] – [email protected], [email protected], [email protected] (communications from fraud operations)
- [Phone] – +919163270984, +917699197820, +917596916988 (WhatsApp/communication numbers used by fraudsters)
- [Bank account] – SBI 35387334400 (Mohit Sharma), Axis Bank 922010024644297 (Kundan Kumar), Save Solution Pvt. Ltd. accounts (Union Bank 58160201004556, Bandhan Bank 50210001545711)
- [IFSC] – SBIN0001719, UBIN05530042, BDBL0001750 (linked to fraudulent accounts)