NEW DELHI: A cyber fraud attempt targeting NEET-UG 2026 candidates has been foiled by the Cyber Crime Branch of Ahmedabad City Police in coordination with the National Testing Agency (NTA), leading to the arrest of a 19-year-old student from Bihar who allegedly tried to divert fee refund amounts from candidates’ accounts to bank accounts under his control.According to an official statement issued by Ahmedabad Cyber Crime Police, the accused, identified as Navinkumar Shankar Prasad Yadav, a BSc student from Bihar’s Gaya district, was arrested following a detailed investigation involving technical analysis, bank account tracking, human intelligence inputs and digital evidence shared by NTA’s Chief Information Security Officer (CISO).Police said the case came to light after it was discovered that the accused had allegedly created a false identity using the credentials of a NEET candidate and gained unauthorised access to the NEET-UG 2026 portal without the student’s knowledge or consent.Investigators found that he allegedly attempted to alter bank account details linked to fee refunds so that the money would be transferred to accounts controlled by him.The accused has been booked under relevant provisions of the Bharatiya Nyaya Sanhita (BNS) and the Information Technology Act for offences including cheating, criminal breach of trust, unauthorised access and cyber fraud.
Around 150 accounts vulnerable due to weak passwords
The investigation revealed that the accused allegedly targeted nearly 350 NEET-UG candidate accounts. Of these, around 150 were found to be particularly vulnerable because candidates had used weak or easily guessable passwords.According to police, the accused exploited these weak credentials to gain unauthorised access to candidate accounts. After logging into the portal, he allegedly identified students eligible for fee refunds and replaced their registered bank account details with his own in an attempt to divert the refund amounts.Investigators believe the operation was planned and aimed at obtaining financial gains by exploiting weaknesses in account security.While approximately 350 accounts were targeted, police said the accused was able to access only around 150 accounts where password protection was weak, highlighting the cybersecurity risks associated with poor password practices.
NTA security systems helped detect the fraud
A breakthrough in the investigation came through security mechanisms built into the NEET portal. According to the police statement, NTA’s Chief Information Security Officer promptly shared digital footprint data generated by the portal’s security systems with Ahmedabad Cyber Crime Police after suspicious activity was detected.The technical evidence enabled investigators to trace the source of the unauthorised access attempts, identify the accused’s location and eventually arrest him in Bihar.Senior police officials said the case highlights the growing importance of cybersecurity in national-level examinations. While concerns over paper leaks often dominate public discourse, cyber fraud targeting examination portals poses an equally serious threat to candidates, they said.Following the incident, authorities urged students and parents to use strong passwords containing a mix of uppercase and lowercase letters, numbers and special characters. Candidates have also been advised against using common passwords based on names, mobile numbers, dates of birth or combinations such as “123456”.Officials further cautioned students against sharing passwords, OTPs or account credentials with anyone and advised them to rely only on official NTA websites for NEET-related services, including fee refunds and examination updates.The coordinated action by Gujarat Police and the NTA prevented what authorities described as a potential large-scale refund fraud that could have affected hundreds of NEET aspirants, underscoring the importance of proactive cybersecurity measures in safeguarding examination systems.
