The KBC Call You Should Never Have Answered: Inside a Pakistan-Linked Lottery Scam

The CyberDiplomat

9 min read
Share
The KBC Call You Should Never Have Answered: Inside a Pakistan-Linked Lottery Scam

A fake prize. Forged RBI documents. Pakistani IP addresses. Assam mule accounts. And a Surat man who lost ₹13.51 lakh chasing a dream that was manufactured on the other side of a border.

The Architecture of a Perfect Lie

The call comes in on WhatsApp. A cheerful voice, professional and warm, with the cadence of someone reading from a script they know well. Congratulations. You have been selected as a winner of the Kaun Banega Crorepati lottery. Your prize: ₹8.5 lakh. Or ₹25 lakh. Sometimes both.

You didn't enter any lottery. But the caller has an answer for that too — it was a special SIM card draw, or a KBC viewer registration, or a lucky dip tied to your Aadhaar number. The details shift. The prize doesn't.

To claim it, you need to pay a small registration fee. Then a processing charge. Then GST. Then RBI clearance. Then insurance. Then a bank account activation fee. Then a No Objection Certificate charge. Each payment unlocks the next requirement. The prize stays just out of reach — always one more fee away — until the victim runs out of money or runs out of patience.

A Surat resident recently ran out of money first.

By the time he dialled 1930, India's cybercrime helpline, he had transferred ₹13.51 lakh across multiple bank accounts. The prize, of course, never arrived.

What Surat's Cyber Crime Cell found when they pulled the thread is a case study in how modern cross-border fraud networks are built — and how they hide in plain sight.

The Anatomy of the Scam: How ₹13.51 Lakh Disappears

To understand why this scam works, it helps to understand what the victim actually experienced. This was not a crude, one-call demand for money. It was a multi-stage, document-backed confidence operation conducted over an extended period.

Stage One — The Hook: The initial call establishes the prize. The brand is KBC — one of India's most trusted television properties, associated with Amitabh Bachchan and the idea that ordinary people can win extraordinary sums. The fraudsters chose this brand deliberately. It carries cultural legitimacy that a made-up lottery cannot.

Stage Two — The Documentation: Here is where the scam becomes sophisticated. Before any money is requested, the victim receives documents. Forged letters on fabricated RBI letterhead. Fake SBI cheques. Official-looking notices bearing the Ministry of Power logo, printed on Rs 100 stamp paper to add a veneer of legal authenticity. The paperwork is designed to answer the doubt before it forms: if this were a scam, would they send me official government correspondence?

Stage Three — The Fee Ladder: The actual extraction is gradual, which is psychologically significant. A single demand for ₹13.51 lakh would be refused immediately. But a registration fee of a few thousand rupees — to "process" a prize worth lakhs — feels proportionate. Then a GST component (because of course there is tax). Then RBI clearance charges (because of course the central bank has to authorise large disbursements). Then insurance. Then an NOC. Each step is plausible given the step before it. By the time the cumulative total crosses ₹13 lakh, the victim has been psychologically anchored to the original prize and is investing further to protect prior investment.

This is known in behavioural economics as the sunk cost fallacy, and professional fraudsters deploy it with precision.

Stage Four — Disappearance: Once the network judges that the victim has been exhausted — either financially or in terms of willingness to pay further — the calls stop. The numbers go dead. The prize was never real. The documents were printed on a consumer printer. The RBI seal was downloaded from the internet.

Following the Money: The Assam Connection

When Surat's cybercrime investigators traced the mobile numbers used in the fraud, they found something that has become a signature of sophisticated Indian cybercrime networks: a clean separation between where the crime is orchestrated and where the money is received.

The calls and WhatsApp messages came from Pakistani IP addresses. The bank accounts that received the victim's money were held in Assam.

This split architecture is not accidental. It is a deliberate design feature.

By routing instructions from Pakistan while using Indian bank accounts — almost certainly mule accounts operated by recruited locals — the network achieves two things simultaneously. First, it makes attribution harder: the Indian bank accounts look, on the surface, like domestic transactions, not international fraud. Second, it creates a legal jurisdictional problem: the financial crime happens in India, but the criminal direction comes from outside India's borders.

The Assam accounts function as what law enforcement calls "the local financial module" — the cash-handling layer that bridges the foreign fraud network and the Indian victim's money. Recruits in Assam open accounts, or hand over existing ones, in exchange for a commission. The money arrives, sits briefly, and is transferred out — often in rapid, fragmented movements designed to defeat transaction monitoring systems.

This is not an Assam problem, specifically. Mule account networks have been documented in Jharkhand, Rajasthan, Bengal, and across the Northeast. Assam appears in this case because that is where these particular operatives were based. The model is geographically flexible; the criminal architecture is consistent.

India-Pakistan tension dominates the political conversation, but a quieter, more insidious cross-border dynamic has been operating for years in the cybercrime space.

Pakistani IP addresses appearing in Indian cyber fraud cases are not new. Indian cybercrime agencies have documented their presence in sextortion rackets, fake tech support scams, investment frauds, and — as this case illustrates — lottery and prize scams. The KBC brand, in particular, has been used repeatedly in frauds believed to be orchestrated from outside India, precisely because it is recognisable and trusted.

The operational model is relatively straightforward. Script writers and callers, operating from locations where Indian law enforcement has no reach, use WhatsApp and VoIP services to contact victims. WhatsApp's end-to-end encryption and the use of Pakistani SIM cards or VPNs obscure the origin. Money flows to Indian mule accounts, is rapidly moved through two or three hops, and eventually exits the traceable system through cryptocurrency conversion, hawala networks, or cash withdrawals by the mule account holders.

Investigating these cases requires cooperation between multiple agencies: local cybercrime cells, the I4C at the national level, and ideally international coordination through Interpol or bilateral law enforcement channels. The Surat team's ability to trace the Pakistani IP addresses demonstrates that technical attribution is increasingly possible. The harder problem is what happens after attribution — building a case that survives across jurisdictions against perpetrators who may never set foot in India.

The Operation: Seven Days in Nagaon

The investigation itself deserves attention, because it illustrates both the ambition and the difficulty of pursuing cybercrime into India's geographic and social margins.

Surat's Cyber Crime Cell traced the financial network to Assam's Nagaon district — a rural area 140 kilometres from Guwahati. Getting there was the easy part. Making arrests without triggering a warning — in a tight-knit rural community where strangers are immediately noticed — required a different kind of police work.

Officers reportedly adopted local clothing and conducted surveillance on motorcycles for seven to eight days before moving. They arrested two suspects from different locations on the same operation. The care taken — the length of the surveillance, the use of local disguise — reflects hard-won experience of how cyber fraud operatives in rural areas behave when they suspect police are watching: they scatter.

This is a pattern across cybercrime enforcement in India. The technical investigation — tracing numbers, mapping account flows, identifying IP addresses — now routinely happens in urban police cyber cells. The physical arrest, however, must happen wherever the mule operator actually lives, which is often hours from the nearest city, in communities where local knowledge is the only thing that prevents a tip-off.

The Surat team's operation was cross-state, cross-cultural, and cross-jurisdictional in the best sense: it followed the evidence wherever it led.

Why KBC? The Weaponisation of Trust

The use of the KBC brand is not a coincidence or a lazy choice. It is a deliberate strategic decision that reflects how well these fraud networks understand the Indian psychological landscape.

Kaun Banega Crorepati has run for over two decades. It is associated with Amitabh Bachchan — one of the most trusted and recognisable figures in India — and with the genuine possibility that an ordinary person can win a life-changing sum. The show has made real people crorepatis. That reality is the raw material of the scam.

For a recipient who is not digitally sophisticated enough to immediately recognise a scam call, the words "KBC lottery" trigger a framework of legitimacy: this is a real show, real people win, why not me? The emotional mechanism is identical to the job advertisements that recruit cyber slaves — it offers the listener the specific version of hope they are most susceptible to. For the young and unemployed, it is the high-salary job abroad. For the older, less digitally confident citizen, it is the lottery prize that would change their family's life.

Fraudsters do not pick brands randomly. They pick the brands that have accumulated the most trust, because trust is what they are converting into cash.

Sony Entertainment, which produces KBC, has repeatedly issued public warnings that the show does not run lottery draws and that no one should pay fees to claim KBC prizes. Those warnings have not stopped the scam because they do not reach the people who most need to hear them: the digitally marginalised, the rural, the elderly, those for whom the difference between a WhatsApp message from "KBC" and a WhatsApp message from a criminal is genuinely unclear.

A Systemic Analysis: What This Case Reveals

The Surat-Assam-Pakistan triangle in this case is not unusual. It is a template. And examining it as a template reveals several systemic vulnerabilities that a single successful arrest cannot fix.

The Document Forgery Problem. The forged RBI and SBI documents in this case were sufficient to convince a victim to transfer over ₹13 lakh. This suggests either that the documents were of high quality, or — more worryingly — that the threshold of document scrutiny among ordinary citizens is low enough that consumer-grade forgeries work. Public education on what genuine RBI and government correspondence looks like, and on the fact that no government body ever requests fees via WhatsApp, is urgently needed.

The Mule Account Ecosystem. The two arrested operatives in Assam are almost certainly not the architects of this fraud. They are the lowest layer of a hierarchy: the people who handle the money, take a cut, and bear most of the legal risk. The architects — in Pakistan, or elsewhere — remain beyond reach. Indian law enforcement has become increasingly effective at dismantling the local financial layer. The harder problem is severing the connection between that layer and the overseas direction. That requires international cooperation that is currently inconsistent and slow.

The Brand Impersonation Gap. KBC is not the only brand used in lottery scams. Amazon, RBI, TRAI, Jio, and dozens of other trusted names appear regularly in fraud scripts. There is no centralised, easily accessible public registry of known fraud scripts and impersonated brands that ordinary citizens can check. Building one — and making it searchable, multilingual, and widely distributed — would reduce the effectiveness of brand-based social engineering.

The Jurisdiction Problem. When a crime is instructed from Pakistan, processed through mule accounts in Assam, and the victim is in Surat, which agency leads? In this case, Surat's Cyber Crime Cell clearly drove the investigation. But inter-state cooperation required resources that smaller cybercrime cells may not have. The I4C's coordination role is valuable, but is not yet uniformly embedded in how local cyber cells operate. Standardising cross-state investigation protocols for cyber fraud would reduce the friction that lets perpetrators exploit jurisdictional seams.

The Victim at the Centre

In the analysis of networks and architectures and jurisdictions, it is easy to lose sight of the person at the centre of this case: a Surat resident who received a phone call, allowed himself to hope, and was systematically dismantled.

₹13.51 lakh is not a number. It is months of a family's income. It is a child's education fund. It is the amount that separates a comfortable retirement from an anxious one. The fraudsters who extracted it did so methodically, document by document, fee by fee, over what was likely weeks or months of sustained contact.

They knew exactly what they were doing. They had a script, a document template, a bank account, and a network that stretched from a rural district in Assam to a server in Pakistan. The victim had a phone and a hope.

That asymmetry — between the industrial sophistication of the fraud and the ordinary vulnerability of the victim — is the central moral fact of the cyber fraud epidemic. It is not about greed or gullibility. It is about the systematic exploitation of the gap between how digital systems can be abused and how much ordinary citizens know about that abuse.

What Should Change

The Surat operation was a genuine success: intelligent surveillance, cross-state coordination, two arrests, and a case that exposes the architecture of a cross-border network. It should be celebrated. It should also be the beginning, not the end, of a response.

Going forward, the priority must be:

Mandatory caller ID verification for financial-related calls, so that numbers appearing to represent KBC, RBI, or SBI can be authenticated or flagged as unverified before the recipient even answers.

A centralised, public-facing database of known fraud scripts and documents — maintained by I4C and accessible via a simple SMS query — that allows anyone to check whether an RBI letter or KBC notice they received matches a known fraud template.

Faster international information sharing with agencies in countries from which fraud calls originate, including a specific bilateral protocol for cyber fraud given the volume and consistency of cases with a Pakistan-origin digital trail.

Treating mule account recruitment as a distinct criminal category with graduated penalties — distinguishing between organised mule recruiters and first-time, economically desperate individuals who handed over their accounts for small sums.

And perhaps most importantly: sustained, multilingual, television and radio-based public awareness that no lottery you did not enter can have a prize for you, and that no government body in India will ever ask you to pay fees over WhatsApp to claim anything.

The Surat case ends with two arrests in Assam and a file sent to court. Somewhere in Pakistan, the people who wrote the script, printed the fake RBI letterhead, and directed the calls are already looking for the next victim.

The only thing that changes that calculus is making the scam stop working. And the only thing that makes the scam stop working is ensuring that no one answers that WhatsApp call and thinks: this could be real.

Read more