Cockroach Janta Party WhatsApp Scam: Phishing Links Stealing Bank Details — Police Alert (May 2026) — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 26, 2026

Severity: HIGH | View Full Scam Details

Cockroach Janta Party WhatsApp Scam: Phishing Links Stealing Bank Details — Ludhiana Police Warning (May 2026)

Bengaluru, May 26, 2026 — Indian cybercrime authorities have flagged a fast-spreading WhatsApp phishing scam that piggybacks on the viral popularity of the "Cockroach Janta Party" (CJP) — a satirical online movement that has racked up over 20 million followers on Instagram in recent weeks. The scam, first publicly flagged by Ludhiana Police's cyber cell, uses CJP-branded links shared in WhatsApp and Facebook groups to trick users into handing over banking credentials.

To be unambiguous: the Cockroach Janta Party movement itself, founded by content creator Abhijeet Dipke, is not the scam. What scammers are exploiting is its name recognition. By dressing phishing pages in CJP branding — fake "join the movement", "claim your member ID", "donation" or "official merchandise" landing pages — fraudsters are riding the trend's organic reach into millions of phones.

How the scam works

Ludhiana Police, in an advisory issued through the city's cyber helpline, described a recognisable phishing playbook adapted to a viral political moment:

1. Bait link in a WhatsApp or Facebook group. The message claims to offer CJP membership, a free t-shirt, a "supporter card", a donation portal, or early access to a CJP event. The link uses domains that look CJP-adjacent but aren't owned by the movement.
2. Fake landing page. The user is shown a CJP-styled page that asks for name, mobile number, email, and a "small registration fee" — typically ₹10 or ₹49 — payable by UPI.
3. Credential capture. The "payment" page is a clone of a UPI app or net-banking portal. When the victim enters their UPI PIN, OTP, or net-banking password, the data goes straight to the attacker.
4. Account drain. Within minutes, the attacker initiates a much larger transfer out of the victim's account, often before the victim realises the original "₹10 fee" was never processed.

Officer Amarinder Singh of the Ludhiana cyber cell confirmed the pattern in the advisory and urged residents to treat any CJP link arriving on WhatsApp as untrusted by default — even when forwarded by a friend or family member, since legitimate-looking forwards are how phishing payloads spread fastest.

The advisory was picked up by Asianet Newsable, ANI, and later by international outlets including NBC News and CBS News, reflecting the scam's cross-platform spread.

Why this scam is unusually effective

Three factors make the CJP phishing wave dangerous in a way most UPI scams aren't:

• Trend velocity. CJP went from niche to mainstream in weeks. Most users have heard the name but don't know the movement's actual digital footprint — they have no reference point for what a "real" CJP link should look like.
• Plausible deniability. A "₹10 fee" feels too small to be a scam. Users approve the UPI request without scrutiny, not realising the PIN entry itself is what's being harvested.
• Cross-platform amplification. The same phishing link is shared in Facebook meme groups, forwarded to WhatsApp family groups, and pasted into Telegram channels. Each platform laundering removes the original sender's identity.

This is identical in structure to the PM Kisan, PMJDY, and Ayushman Bharat WhatsApp scams that BharatSecure has tracked over the past two years — only the brand has changed. The mechanics, the price-anchor (₹10–₹49), and the credential-harvest flow are unchanged.

Red flags to spot a CJP phishing link

• Any link asking for a "membership fee", "supporter card fee", or "registration charge" — the real CJP movement does not collect money for joining.
• Domains that don't match Abhijeet Dipke's or CJP's verified social handles. If you can't see a blue tick attached to the original poster, assume the link is hostile.
• A UPI prompt that asks you to enter your PIN to receive money. UPI PINs are only ever needed to send money, never to receive it.
• Shortened links (bit.ly, tinyurl, t.ly) wrapping the CJP brand name.
• "Limited time" or "first 1000 supporters" urgency framing.

What to do if you've already clicked

• Stop. Do not enter your UPI PIN, OTP, or net-banking password. If you already did, treat your account as compromised.
• Block your UPI ID and bank cards immediately through your banking app's emergency-block feature.
• Call your bank's 24×7 fraud helpline. SBI: 1800-11-1109. HDFC: 1800-202-6161. ICICI: 1800-200-3344. Axis: 1860-419-5555.
• Report to the National Cyber Crime Helpline: 1930. This is the fastest path to a "freeze" on attacker accounts — funds transferred in the last few hours can often be recovered if reported within 24 hours.
• File a written complaint at cybercrime.gov.in.
• Forward the original WhatsApp/Facebook message to BharatSecure at our scam-report endpoint so we can add the attacker's UPI ID and domain to the public threat-intelligence feed used by other banks and fintechs.

How BharatSecure is responding

Every confirmed CJP-themed phishing URL submitted to our scanner is being:

• Flagged as Dangerous verdict in the public scam library.
• Auto-submitted to PhishTank, CERT-In, and Google Safe Browsing for takedown.
• Added to the STIX/TAXII threat-intelligence feed used by partner banks.
• Indexed in the public Scam Identifier API so any fintech can query a URL or UPI ID in real time.

Anyone can paste a suspicious CJP link into the scanner on bharatsecure.app for an instant verdict — no login required.

Bottom line

CJP is a satirical movement, not a scam. But its virality has become a phishing storm. Until the scam wave subsides, treat every CJP-branded link arriving via WhatsApp or Facebook as hostile until you can verify it from CJP's own verified Instagram account. If you've already paid, dial 1930 within the hour — that's still the single most important number on your phone today.

Reporting by BharatSecure editorial. Sourced from Ludhiana Police cyber cell advisory, Asianet Newsable, ANI, NBC News, and CBS News.