Energy Bill Rebate Phishing — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team
Severity: CRITICAL
Beware the Energy Bill Rebate Phishing Scam in India 2026: Protect Your Money and Data
Energy Bill Rebate Phishing is a critical cyber threat sweeping India in 2026, where scammers lure consumers with fake electricity bill rebate offers to steal personal and financial information.
What Is the Energy Bill Rebate Phishing?
Energy Bill Rebate Phishing scams exploit the trust Indian consumers have in their electricity providers such as Tata Power, BSES Rajdhani Power, and various state electricity boards. These fraudsters send fake SMS, WhatsApp messages, or emails pretending to offer attractive rebates or subsidies on electricity bills—especially during government campaigns or times when fuel prices are high and consumers expect relief. The scam specifically targets domestic users dependent on timely electricity bills, capitalizing on their eagerness to save money.
With more than 240 million households relying on digital communication for bill payments, these phishing messages can spread quickly. The situation has become alarming enough for India’s Computer Emergency Response Team (CERT-In) to flag this as a “critical risk” with a threat severity score of 9/10. The government’s Indian Cyber Crime Coordination Centre (I4C) has also issued alerts urging consumers to be cautious, highlighting an uptick in reported cases across metros and tier-2 cities alike.
How This Scam Works — Step by Step
1. Initial Contact via SMS/WhatsApp/Email: Victims receive a well-crafted message appearing to be from their electricity provider. It promises an urgent rebate or subsidy on their current electricity bill.
2. Urgent Call to Action: The message insists on quick action to claim the rebate—warning that failure to respond will result in a bill penalty, disconnection of electricity, or loss of the rebate.
3. Data Request or Link Click: The message asks recipients to share sensitive details such as their meter number, bank account number, IFSC code, or Aadhaar-linked phone number to verify identity and process the rebate.
4. Malicious Link or Attachment: If the victim clicks on a provided URL, they are led to a fake login page mimicking the energy provider’s official portal or a payment page masquerading as UPI or net banking.
5. Data Harvesting and Fund Theft: Once the victim inputs credentials or bank details, scammers capture this information to conduct unauthorized fund transfers via UPI or net banking. In some cases, they target Aadhaar-linked bank accounts or even initiate SIM swap fraud to bypass two-factor authentication.
6. Victim Notices Loss: Often, the victim only realises the scam after unexpected debits from their bank account or missed electricity payments leading to actual disconnection.
Real Warning Signs to Watch For
- Messages that demand immediate action or threaten disconnection without official prior notice
- Requests for sensitive bank details, Aadhaar numbers, or OTPs under the pretense of rebate processing
- URLs that look suspicious with misspellings (e.g., “tatapower-secure.in” instead of “tatapower.com”)
- Unsolicited WhatsApp or SMS messages claiming to be from electricity boards—especially if the number is not verified or official
- Payment or login pages that do not use HTTPS or do not show a valid security certificate in the browser
- Messages that do not address you by name or lack your customer ID/reference number specific to your electricity provider
- Any request for forwarding OTPs or sharing net banking usernames/passwords
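For teams that triage reported messages, the warning signs above can be turned into a first-pass check. The following is an added example, not BharatSecure's own code: the allowlist, brand tokens, keyword patterns and sample messages are assumptions constructed for illustration, with only tatapower.com and tatapower-secure.in taken from this page.

```python
import re

# Assumption: a defender-maintained allowlist. tatapower.com is the only
# official domain named on this page; extend it for other providers.
OFFICIAL_DOMAINS = {"tatapower.com"}
BRAND_TOKENS = {"tatapower"}  # brand strings that belong only on official hosts

URGENCY = re.compile(r"\b(immediately|urgent\w*|disconnect\w*|penalty|last chance)\b", re.I)
SENSITIVE = re.compile(r"\b(otp|aadhaar|ifsc|account (number|no)|net ?banking|password)\b", re.I)
# Matches links with or without a scheme, since SMS links are often bare hosts.
LINK = re.compile(r"(?:(https?)://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def is_official(host):
    """True only for an allowlisted domain or one of its subdomains."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage(message):
    """Return the set of warning signs found in one message."""
    signs = set()
    if URGENCY.search(message):
        signs.add("urgency_or_threat")
    if SENSITIVE.search(message):
        signs.add("asks_for_sensitive_data")
    for scheme, host in LINK.findall(message):
        if scheme.lower() == "http":
            signs.add("link_not_https")
        if not is_official(host):
            signs.add("unofficial_link")
            # Brand name on a host outside the allowlist: misspelled or
            # padded domain, or the real domain used as a subdomain label.
            if any(b in host.lower() for b in BRAND_TOKENS):
                signs.add("lookalike_domain")
    return signs


# Constructed sample messages (not real captures).
SAMPLES = [
    "Dear customer, claim your electricity rebate immediately or face disconnection. "
    "Verify OTP at http://tatapower-secure.in/rebate",
    "Rebate approved. Login: https://tatapower.com.rebate-claim.example/login",
    "Your bill for March is ready. View it at https://www.tatapower.com/bill",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(sorted(triage(text)), "<-", text[:50])
```

The second sample shows why the host is compared by suffix against the allowlist rather than by substring: the official domain appears inside the link, but only as a label under a different registered domain.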
What Happens to Victims
Victims often face immediate financial loss through unauthorized UPI transfers or net banking debits. Since many Indian banks still have limited UPI reversal options, reclaiming stolen money is difficult and time-consuming. The misuse of Aadhaar-linked databases and mobile numbers makes fraud recovery more complex. Additionally, victims often undergo emotional distress, fearing loss of electricity access or embarrassment due to identity theft.
Some victims report SIM swap fraud following these scams, where hackers take over the victim’s mobile number, gaining full control of their UPI apps, banking alerts, and even Aadhaar-linked OTP services. This magnifies the damage beyond just money theft, risking long-term identity fraud.
What RBI and CERT-In Say
The Reserve Bank of India (RBI) has repeatedly advised consumers to never share OTPs or net banking credentials via SMS or WhatsApp. RBI’s cybersecurity framework explicitly warns against phishing scams tricking users into divulging banking details, especially through unsolicited messages.
CERT-In has issued cybersecurity advisories urging vigilance against phishing during bill payment seasons. They emphasize verifying SMS and emails via official portals and contacting your electricity provider directly for rebate announcements.
Consumers can report cybercrime to the National Cyber Crime Reporting Portal or call the 1930 cybercrime helpline for immediate assistance. RBI's toll-free helpline for banking fraud is also available to suspend cards or UPI handles quickly.
How to Protect Yourself
- Always verify rebate announcements directly on your electricity provider’s official website or customer service before reacting.
- Never share your bank account details, IFSC code, Aadhaar number, or OTPs in response to SMS, WhatsApp, or email messages.
- Do not click on links or download attachments from unknown or suspicious sources.
- Enable UPI app notifications and monitor your account continuously for unauthorized transactions.
- Register for mobile number portability (MNP) safeguards at your telecom provider to prevent SIM swap fraud.
- Use two-factor authentication (2FA) only through official banking or UPI apps—never through SMS or third-party apps.
- Immediately report any suspicious messages to BharatSecure.app or through the official cybercrime portal.
What to Do If You've Been Targeted
- Immediately block your bank cards and UPI handles by contacting your bank’s helpline or RBI’s toll-free number.
- Report the fraud to your electricity provider and request them to suspend any pending rebate processing.
- File an FIR with your local police cyber cell or lodge a complaint on cybercrime.gov.in.
- Call the national cybercrime helpline 1930 to report the scam and receive guidance from CERT-In.
- Monitor your Aadhaar-linked accounts for unusual activity and register a complaint with UIDAI if you detect misuse.
- Consider changing your mobile number if you suspect SIM swap fraud.
- Inform your family and friends to beware of similar phishing attempts.
Frequently Asked Questions
Q: Can I trust energy rebate messages sent via WhatsApp?
A: No, official rebates are usually communicated via official letters, emails from verified addresses, or SMS from registered numbers. Always verify through your energy provider’s official contact channels.
Q: What should I do if I accidentally clicked a phishing link?
A: Do not enter any details. Immediately disconnect from the internet, clear your browser history, scan your device with antivirus software, and change your bank and UPI passwords. Then, report the incident to your bank and the cybercrime helpline.
Q: Are rebates on energy bills real or just a scam?
A: Genuine rebates are announced publicly by the government or energy companies with clear instructions and official portals. Never trust messages that pressure you to share private information urgently or offer rebates selectively through messages.
Energy Bill Rebate Phishing is a dangerous scam hitting Indian households in 2026. Preserve your data and money by staying alert and verifying suspicious messages before responding. If you receive any suspicious communication about electricity bill rebates, verify it immediately at BharatSecure.app to stay safe from cyber fraud.