Consumer commission orders SBI to refund Rs 1.99 lakh in fake electricity bill cyber fraud case — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 25, 2026

Severity: MEDIUM | View Full Scam Details

Beware in 2026: How Fake Electricity Bill Phishing Scams Steal Lakhs from Indian Consumers

Millions of Indians face a rising threat as cybercriminals exploit fake electricity bill phishing scams, tricking victims into paying crores via UPI and bank apps.

What Is the Consumer Commission Orders SBI to Refund Rs 1.99 Lakh in Fake Electricity Bill Cyber Fraud Case?

Recently, a landmark decision by a consumer protection commission ordered State Bank of India (SBI) to refund Rs 1.99 lakh to a victim duped through a fake electricity bill cyber fraud. This scam involves fraudsters sending bogus messages or emails that look like authentic bills from electricity providers, often demanding a small outstanding amount, for example, ₹20. The compelling nature of these messages and the familiarity of payment gateways like UPI and bank apps tempt victims to pay immediately without thorough scrutiny.

This phishing scam preys most on everyday consumers who regularly pay electricity bills online. The scam is particularly rampant in urban and semi-urban India, where digital payments via UPI and Aadhaar-linked bank accounts are common. Reports suggest that millions of Indians fall victim annually to such frauds, with the total financial loss running into several crores. While the Reserve Bank of India (RBI), CERT-In (Indian Computer Emergency Response Team), and the Indian government’s I4C (Indian Cyber Crime Coordination Centre) raise alerts to curb such frauds, these scams evolve quickly, posing an ongoing challenge.

How This Scam Works — Step by Step

1. Initial Contact via SMS or Email: The victim receives a message purporting to be from their local electricity board. This message typically shows an outstanding electricity bill amount as low as ₹20-50 to appear reasonable and prompt immediate payment.

2. Fake Bill with UPI Payment Link: The message contains a clickable link that looks genuine but redirects to a phishing website disguised as the electricity company’s payment portal.

3. Entering Personal and Payment Details: Once on the fake site, the victim is asked to enter personal details such as their consumer number, mobile number, and Aadhaar-linked bank details or UPI PIN.

4. Instant Deduction Through UPI/Bank App: Using the submitted information, scammers trigger an unauthorized transaction via UPI or the victim’s linked bank account.

5. Loss Realised Too Late: Victims often realize the theft only when their bank alerts or statements show a large unrecognized deduction, sometimes amounting to lakhs.

6. Difficulty in Reversal: Because the payment appeared legitimate using UPI or bank apps, reversal becomes challenging. Victims have to approach banks and consumer commissions for refunds.

Real Warning Signs to Watch For

• Unexpected Bill Amounts that are unusually low or do not match previous electricity bills.
• Urgent Payment Demands pressuring immediate action to avoid disconnection or penalty.
• Suspicious Payment Links that do not open official electricity board websites or use strange URLs.
• Poor Grammar or Spelling Mistakes in messages or emails supposedly from official companies.
• Unsolicited Messages when you have already paid or received a physical bill.
• Requests for Sensitive Information like UPI PIN, Aadhaar details, or OTPs.
• Payment Confirmations Sent Via Non-Official Channels such as WhatsApp instead of official apps.

What Happens to Victims

Victims not only suffer immediate financial loss—often several lakhs—but also face emotional distress due to the violation of their financial security. In India, the widespread use of Aadhaar-linked bank accounts and UPI makes victims vulnerable to large-scale theft once scammers get hold of crucial credentials. Victims may also experience complications with SIM-swapping frauds, where criminals take control of mobile numbers to intercept OTPs and access bank apps. Recovering lost money through UPI is difficult because payments are often “final and irrevocable,” leaving victims to depend on bank goodwill or lengthy consumer commission processes.

What RBI and CERT-In Say

The RBI has repeatedly warned consumers to never share their UPI PIN, OTPs, or confidential information online or over the phone. Their guidelines emphasize authenticating payment portals before entering details and immediately reporting unauthorized transactions. CERT-In also instructs citizens to be vigilant against phishing emails and SMS, advising to verify URLs and avoid clicking untrusted links. Both agencies promote using official payment apps and helpline numbers for complaints. The national cybercrime helpline 1930 is operational to assist victims, and RBI runs its customer helpline for reporting fraud (1800 265 265).

How to Protect Yourself

1. Verify Bills Directly on Official Websites or Apps before making any payments.
2. Never Click on Payment Links in Unsolicited SMS or Emails. Instead, type the URL manually in your browser.
3. Avoid Sharing UPI PIN, OTP, or Aadhaar Details with anyone, including callers claiming to be from banks or utilities.
4. Use Two-Factor Authentication (2FA) on your bank and UPI apps.
5. Keep Your Mobile SIM Card Secure. Report immediately if you lose service unexpectedly to block SIM-swap fraud.
6. Regularly Check Bank and UPI Statements for unknown transactions.
7. Use Only Trusted Payment Apps sanctioned by RBI and downloaded from official app stores.

What to Do If You’ve Been Targeted

1. Immediately block your UPI ID or bank account through your bank’s app or customer care.
2. Report the fraud to your bank’s fraud department and request a transaction freeze.
3. Call the national cybercrime helpline at 1930 and file a complaint on cybercrime.gov.in.
4. Inform the electricity provider to verify payment status and flag any suspicious messages.
5. Lodge a complaint with the consumer commission, as happened in the SBI refund case.
6. Change all related passwords and PINs, especially for banking apps and Aadhaar-linked services.
7. Keep a record of all communication and transaction details for investigation.

Frequently Asked Questions

Q: Can I reverse a UPI payment made to scammers in fake electricity bill scams?
A: UPI transactions are mostly instantaneous and irreversible. You must immediately report to your bank and cybercrime authorities. Sometimes banks may help recover funds if the fraud is reported quickly.

Q: How can I confirm if an electricity bill message is legitimate?
A: Always cross-check the bill amount and details on your electricity board’s official website or mobile app. Do not trust payment links sent via SMS or WhatsApp without verification.

Q: What are the official channels to report such phishing scams in India?
A: You can report scams to the national cybercrime helpline (1930), file complaints on cybercrime.gov.in, and contact your bank’s fraud helpline. RBI helpline numbers can assist with financial fraud issues.

Stay alert and verify suspicious messages before making digital payments. Protect yourself from growing phishing scams by checking all bill alerts at BharatSecure.app — India’s trusted platform for digital fraud awareness.