AI-Generated KYC Update Fraud Calls — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Severity: CRITICAL | View Full Scam Details

AI-Generated KYC Update Fraud Calls in India 2026: A Growing Cyber Threat Targeting Seniors & Small Businesses

AI-powered phone calls impersonating banks and digital wallets are tricking Indians into revealing sensitive details under the guise of KYC updates — putting your money and identity at serious risk.

What Is the AI-Generated KYC Update Fraud Calls?

The AI-generated KYC update fraud involves scammers using artificial intelligence voice technology to simulate real bank or digital wallet representatives calling users in India. These calls claim that your KYC (Know Your Customer) details require an urgent update or verification — prompting you to share OTPs or personal data that the fraudsters then misuse. This scam mainly targets vulnerable groups like senior citizens and small business owners who regularly interact with formal banking channels and digital payment apps.

According to complaints reported to cybercrime helplines and advisories from RBI and CERT-In, this scam has shown a worrying increase in Indian states with high smartphone penetration. These calls often come out of the blue, using AI voice cloning that matches the tone and phrasing of actual bank employees, making it difficult for many to identify the fraud. Besides banks, fraudsters are posing as representatives from popular digital wallets such as Paytm and PhonePe, leveraging their familiarity to increase trust.

Though RBI and CERT-In have warned about rise in voice phishing (vishing) incidents recently, the sophistication of AI-generated calls is a new challenge Indian users must be alert to in 2026. The integration of stolen data from social media and breaches allows scammers to appear well-informed about your profile, adding to their credibility.

How This Scam Works — Step by Step

1. Data Gathering: Scammers collect personal information from social media profiles, data breaches, and public databases. This might include your name, mobile number, bank name, and partial address details to tailor their approach.

2. AI Voice Call: Using AI voice synthesis, the scammer calls victims impersonating a bank or digital wallet official calling for a mandatory KYC update or verification. The voice sounds professional and familiar to Indian ears, sometimes even replicating regional accents.

3. Creating Urgency: The caller warns that without immediate KYC update, banking or wallet services will be suspended or accounts frozen — a tactic causing stress and hurried compliance.

4. Requesting Sensitive Info: The caller asks for OTPs sent to your phone or confidential personal information such as Aadhaar numbers, bank account details, or PINs under the pretext of verification.

5. Unauthorized Transactions: Once the scammer has the OTP or data, they quickly perform fraudulent transactions via UPI or mobile banking apps, draining funds often within minutes.

6. Covering Tracks: After money is taken, the caller may hang up or redirect blame onto “technical glitches.” These fraudsters often operate from different states or disguise their numbers, complicating tracing.

Real Warning Signs to Watch For

• Calls demanding urgent KYC update that you did not request.
• Caller uses pressure tactics or threats of account suspension.
• Requests for OTPs, Aadhaar number, or bank PIN over phone.
• The number is unknown or masked; official bank numbers typically use specific toll-free numbers.
• Callers insist on completing the process immediately.
• Voice sounds too “perfect” or slightly robotic — signs of AI-generated calls.
• Caller refuses to provide a callback number or written confirmation.

What Happens to Victims

Victims often face severe financial loss as scammers exploit UPI and mobile banking's instant payment features. Unlike credit card fraud, recovering funds from UPI transactions can be difficult, especially if the payments were unauthorized but processed quickly.

Beyond money loss, the misuse of Aadhaar and personal details can lead to identity theft, fraudulent account openings, and loan applications. Victims also report emotional trauma, anxiety, and loss of trust in digital financial services. Seniors and small business owners, who may lack technical savvy, are especially vulnerable, risking both personal savings and business capital.

In some cases, SIM swap fraud linked with this scam worsens the impact, as fraudsters gain full control over victims' phone numbers to intercept OTPs and reset passwords.

What RBI and CERT-In Say

The Reserve Bank of India consistently reminds users never to share OTPs or PINs over the phone. RBI’s framework on digital banking security emphasizes customer awareness for KYC processes, which banks conduct only at branch visits or through official app notifications — never unsolicited calls. RBI’s customer helpline is available at 1800-111-555 to report financial fraud.

CERT-In has issued alerts on increasing voice phishing and social engineering attacks using AI tools, urging citizens to verify unsolicited calls carefully. The government’s I4C (Indian Cyber Crime Coordination Centre) promotes use of the 1930 cybercrime helpline to report such fraud.

While there is no single advisory specifically naming “AI-generated KYC calls,” the RBI Cyber Security Framework and CERT-In’s guidelines collectively cover this attack vector.

How to Protect Yourself

1. Never share OTPs, Aadhaar details, or PINs over phone calls, no matter who claims to call.
2. Verify unsolicited requests by calling your bank’s official customer care number or using the official app.
3. Do not panic or rush when told your KYC or account is at risk — banks send official SMS or emails, never demand phone OTPs.
4. Register your mobile number on the NCPR (Do Not Disturb) list to reduce spam calls.
5. Avoid posting excessive personal information on social media.
6. Install anti-phishing and mobile security apps recommended by CERT-In.
7. Enable transaction alerts on your bank accounts and wallet wallets for real-time monitoring.

What to Do If You've Been Targeted

If you suspect you have fallen victim to AI-generated KYC update calls:

1. Immediately contact your bank or digital wallet provider through official channels to block or freeze your account.
2. Change your UPI PIN and mobile banking passwords.
3. Report the incident to the 1930 cybercrime helpline and file a complaint at cybercrime.gov.in.
4. Inform your mobile service provider if you suspect SIM swap or number compromise.
5. Keep records of all call attempts, messages, and transaction details for police reporting.
6. Consider lodging a formal FIR with local police cybercrime cells for further investigation.

Frequently Asked Questions

Q: Can banks call me for KYC updates over the phone?
A: Official bank or wallet KYC updates are typically done in person at branches or within secured apps. Unsolicited calls demanding OTP or Aadhaar sharing are not from your bank.

Q: How do AI-generated voices trick people?
A: AI-generated voices mimic real employees’ accents, tone, and speech patterns accurately, which can fool even cautious listeners into believing the call is legitimate.

Q: What if I shared OTP but no money was lost yet?
A: Even if no money is lost immediately, sharing OTP can enable scamsters to initiate future transactions or identity fraud. Contact your bank immediately to block accounts and change credentials.

For any suspicious calls or messages, always verify before acting. Visit BharatSecure.app to check scam alerts and report fraud quickly to the 1930 helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.