IPL Scam Using Deepfakes: Rs4.65 Cr In Potential User Losses

CloudSEK has uncovered a large illegal IPL betting scam ecosystem targeting cricket fans through 1,200+ betting domains, AI-generated deepfake endorsements, fake prediction channels, compromised government websites, money mule accounts, and fake loan apps.

Sourajeet Majumder, Researcher, CloudSEK

FinTech BizNews Service

Mumbai, 19 May 2026: CloudSEK, an AI-native predictive cyber intelligence platform that identifies attack paths and initial access vectors before they are exploited, has released new research mapping a vast, technology-driven illegal betting ecosystem that activates each IPL season to exploit Indian cricket fans at scale. In a separate disclosure last week, CloudSEK exposed fake domains and fake streaming platforms targeting IPL viewers.

This new report goes deeper, into an operation sustained by clone-script platforms, AI-generated deepfakes, compromised government websites, money mule networks, and fake loan apps that trap victims long after the bets are lost.

KEY FINDINGS

• Over 1,200 domains were found actively promoting illegal betting platforms during IPL 2026.
• CloudSEK accessed the admin panel of one such platform and found it was simultaneously operating 25+ different betting websites from a single backend — with full visibility into user deposits, bets, and withdrawal queues.
• Between May 2025 and May 2026, more than 9,300 user withdrawal requests were deliberately rejected by agents on this platform alone, amounting to an estimated ₹4.65 crore in potential user losses. These were not system errors — they were intentional, single-click denials.
• A second admin panel revealed a network of business-registered bank accounts consistent with money mule setups, used to receive and move user deposits while masking the link to platform operators.
• AI deepfake tools are being used to clone the faces and voices of Indian cricketers and popular content creators to fabricate endorsements for betting platforms and tipper channels. These videos are produced cheaply and distributed across Instagram Reels and Telegram before they can be taken down.
• Multiple Indian government (*.gov) websites were found compromised and injected with backlinks pointing to illegal betting platforms — exploiting the trust and search authority of official domains to funnel unsuspecting users toward illegal content. (For More Information, Read Full Blog)

Note: As part of CloudSEK’s responsible disclosure process, the relevant stakeholders have been informed so that corrective action can be taken to patch the identified issues, remove malicious links, and protect users from further exposure.

Snapshot displaying an IPL betting platform 

HOW THE ECOSYSTEM OPERATES

At the centre are clone-script betting platforms, sold openly on Telegram, that can be deployed in days. New users are typically allowed small early wins to build confidence and justify larger deposits. When they try to withdraw, funds are blocked, delayed, or denied outright.

Illegal platforms acquire users through a network of self-styled "tippers",  operating on Telegram and Instagram as former bookies or insiders, who earn affiliate commissions on every rupee their followers deposit, win or lose. This season, tippers increasingly rely on AI-generated deepfakes of celebrities to manufacture credibility.

Snapshot displaying AI-generated deepfakes of YouTuber Ranveer Allahbadia and cricketer Smriti Mandhana used to promote betting tipper channels and match prediction scams

Beneath the platforms, a mature underground economy keeps operations running: money mules receive and move deposits through rented bank accounts; black-hat SEO networks manipulate search rankings by injecting links into compromised websites; bulk SMS operators send mass unsolicited messages from spoofed IDs; and lead generation services run Meta and Google ad campaigns targeting cricket fans on behalf of illegal platforms.

The final layer targets victims after their losses. Fake loan apps, advertised on social media with promises of instant approval, harvest contacts, photos, and call logs, then weaponise this data to coerce repayment through threats and public humiliation. (For More Information, Read Full Blog)

"What we are documenting is not a collection of opportunistic scams — it is a structured, seasonal criminal industry. The use of AI deepfakes to fabricate celebrity endorsements and the deliberate rejection of user withdrawals at scale represent a significant escalation in both sophistication and audacity. As the ecosystem grows more advanced, so must our collective awareness and response,” Sourajeet Majumder, Researcher, CloudSEK

IMPACT

The direct financial harm is significant, but it extends beyond lost deposits. Victims who turn to fake loan apps enter a second trap where their personal data is weaponised against them. Money mules face criminal liability many did not anticipate. And the exploitation of government infrastructure for SEO manipulation makes official domains unwitting participants in fraud. Each IPL season, the operation starts earlier, reaches further, and converts more effectively.

SAFEGUARDS

• No tipper or prediction channel has insider knowledge of match outcomes. A convincing track record is part of the scam.
• Referral links from tippers are a commercial arrangement — tippers earn on your deposits, not your winnings.
• Treat any celebrity endorsement of a betting platform on social media as a deepfake until proven otherwise.
• Do not download loan apps promoted via social media ads. Apps requesting access to contacts, photos, and call logs are harvesting data for coercion.
• If funds are blocked on a betting platform, document all screenshots and file a complaint at cybercrime.gov.in.
• Report unsolicited betting SMS messages to TRAI's DND service.