Bengaluru: Major changes made to the US visa application process for Indians in the last few months have led to cyber criminals exploiting the applicants and gaining access to their data.

In a first such case registered in Bengaluru, a 45-year-old engineer was cheated by a fraudster on social media app Telegram. The victim was assured that his interview for a B1/ B2 non-immigrant visa for a temporary visit, originally scheduled for April 2026, would be advanced.

The victim from RR Nagar told the police that on May 22, he came across a channel on Telegram with information regarding the B1/ B2 visa application. Intrigued, the victim joined the channel called t.me/hyderabadchennai. When DH cross-checked the app on Saturday, the channel remained active with 4,232 members. 

The victim was immediately contacted by the scamster, who identified himself as Vanam Sravan Krishna. The engineer was told that his visa appointment could be rescheduled sooner for a nominal fee of Rs 10,000. The suspect then asked for the victim’s login credentials, including password, of the US visa application portal and received them.

Things turned into a nightmare for the victim, who told the police that the fraudster first sent him a fake “appointment rescheduled” receipt and once he received the Rs 10,000 as a fee, began to threaten him for another Rs 10,000, failing which he would change the login credentials.

Despite transferring another Rs 10,000, the scamsters changed the victim’s login credentials, locking him out of the visa application portal, the police said. West CEN police registered the case on May 24, and a probe is underway.

Larger implications

Senior cybercrime investigators said that though the amount lost is small compared to other cybercrimes, the implications in these cases would be serious.

“The first issue is the victim voluntarily sharing the credentials and approaching a third party to circumvent an official process. In such cases, the authorities from the respective embassies are unlikely to cooperate, since the victim is also equally at fault, at least from their point of view,” a senior CID officer told DH. 

“Since he has been locked out and may not be able to recover the account as the scamster may have changed security prompts like a security question for password recovery, he may not be able to raise another visa application request. And embassies tend to cancel appointments and, in worst cases, ban an applicant if they smell fraudulent activity,” he added. 

Another officer said that there was also a likelihood of identity theft and data misuse.

“Since the account now belongs to the scamster, they can essentially impersonate the victim and even access any documents he may have uploaded to the application portal. I want to reiterate that people shouldn’t share their details, especially sensitive login credentials, to unknown people on the internet,” a senior cybercrime investigator in Bengaluru told DH.