Nearly 16,000 cyber frauds hit SBI branches in 22 months, RTI reveals scale of digital bank scams

State Bank of India (SBI), India’s largest bank, has reported nearly 16,000 cyber fraud cases across its branches in just 22 months, highlighting the rapid rise of digital banking scams. RTI data reveals that while SBI accelerates its adoption of AI and technology-driven banking, cybercriminals are executing increasingly sophisticated attacks on unsuspecting customers.

What the RTI Data Shows

Between January 1, 2024, and October 31, 2025, SBI documented 15,956 cyber-related financial frauds. In comparison, non-cyber frauds numbered 5,105, meaning digital scams were nearly three times more frequent than traditional frauds.

The RTI response, filed by activist Abhay Kolarkar, confirms a clear trend: as banking shifts to apps, cards, and UPI, cybercrime has become the default mode of fraud, while legacy frauds still occur in isolated but high-value cases.

Financial Impact of Cyber Frauds

• Total losses from cyber fraud: ₹118.47 crore
• Total losses from other frauds: ₹477.64 crore
• Online banking frauds: 6,630 cases, ₹62.37 crore
• Mobile banking frauds: 227 cases, ₹3.23 crore
• ATM-related frauds: 1,085 cases, ₹7.6 crore

While traditional frauds account for higher cumulative losses, the high volume and velocity of cyber frauds make ordinary customers more vulnerable day-to-day. Each new digital banking feature is also a potential attack vector for fraudsters exploiting user behavior.

State-wise Trends and Insider Threats

• West Bengal recorded the highest number of cyber frauds: 1,838 incidents, ₹12.60 crore.
• Employee involvement: 606 cases, ₹222.24 crore.

These figures highlight a concerning insider angle, showing that internal collusion can amplify cybercriminal operations. Certain regions, like West Bengal, are emerging as hotspots for organized financial cybercrime rather than just isolated phishing incidents.

Why Cyber Frauds Are Increasing

Banks are adopting AI, automation, and digital-first banking to improve efficiency, but user security awareness is lagging. Fraudsters are employing layered tactics, including:

• Social engineering and fake customer-care calls
• App cloning and remote-access tools
• Mule accounts and insider collusion

The result: everything appears official—OTPs come from real bank numbers, payment screens look authentic—but a single click can transfer funds into fraud networks. RTI figures only capture reported incidents, suggesting the real exposure is likely much higher.

Steps SBI Customers Should Take

1. Treat every request for OTP, PIN, CVV, or device access as potentially malicious, even if it appears official.
2. Avoid installing remote-access apps or clicking on links claiming to be for KYC updates, account verification, or card upgrades.
3. In case of unauthorized transactions, call 1930, file a complaint on cybercrime.gov.in, and notify your branch in writing to establish a clear dispute trail.

The RTI findings serve as a warning for all Indian banking customers: the cyber fraud ecosystem is fully digital, but user awareness has not caught up. Vigilance is the first line of defense.