Fake Aadhaar/PAN Update Links — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Severity: HIGH | View Full Scam Details

Beware of Fake Aadhaar/PAN Update Links in 2026: A Rising Cyber Threat in India

In 2026, Indian internet users face a high-risk cyber scam involving fake Aadhaar and PAN update links that steal personal data and money through phishing.

What Is the Fake Aadhaar/PAN Update Links Scam?

This scam targets millions of Indians who regularly need to update or verify their Aadhaar and PAN details for banking, tax filing, or government services. Fraudsters send fake links that mimic official government or bank websites asking users to ‘update’ Aadhaar or PAN information urgently. The scam exploits India's growing reliance on these identity documents for financial transactions, KYC (Know Your Customer) processes, and digital service access.

The fake websites look nearly identical to genuine government portals but often have subtle differences in their URLs or design. These phishing links are widely distributed via WhatsApp messages, SMS, and email, aiming to trap users unaware of the risks. In reported cases, scammers have impersonated officials from banks or government agencies, urging quick action by victims to avoid penalties or service disruption.

The Indian Computer Emergency Response Team (CERT-In) and the Indian Cyber Crime Coordination Centre (I4C) have issued warnings about phishing attacks involving fake Aadhaar or PAN update portals. These scams are marked as high severity because stolen Aadhaar and PAN details can enable identity theft, unauthorized bank access, and fraudulent financial transactions.

How This Scam Works — Step by Step

1. Initial Contact: The victim receives an urgent message via WhatsApp, SMS, or email. The message claims their Aadhaar or PAN details need immediate updating or verification to avoid banking service suspension or income tax penalties.

2. Link Sharing: The message includes a link to “update” the details. The URL looks similar to official government or bank sites but uses misspellings, unusual domains, or extra characters.

3. Fake Website Interaction: Upon clicking, the user is taken to a convincing but fake website. The site asks for personal details like Aadhaar number, PAN number, date of birth, mobile number, and sometimes One-Time Passwords (OTPs).

4. Data Capture: When users fill out forms or enter OTPs (sometimes under the pretense of verification), their data is captured by scammers.

5. Unauthorized Transactions: Using stolen information, scammers may perform fraudulent UPI transactions, SIM swaps, or create fake identity profiles for bank loans or credit cards.

6. Financial Loss and Identity Theft: Victims often notice unauthorized withdrawals from their bank accounts or UPI apps days later and face difficulties reversing transactions.

Real Warning Signs to Watch For

• URLs with slight misspellings or strange domains (e.g., aadhaar-update.instead-of .gov.in)
• Unexpected messages urging urgent Aadhaar or PAN updates with threats of penalties
• Requests for OTPs, passwords, or PINs on unofficial websites or via message replies
• Unsolicited calls or messages claiming to be bank officials or government agents
• Poor spelling, grammar errors, or unusual formatting in messages
• Lack of secure HTTPS connection or missing security certificates on update sites
• Pressure tactics demanding immediate action without time to verify

What Happens to Victims

Victims often suffer serious financial and emotional consequences. With Aadhaar or PAN details compromised, scammers may initiate fraudulent UPI payments or bank transfers that are difficult to reverse. SIM swapping can disrupt mobile banking and OTP receipt, blocking victims from securing their accounts. Identity misuse can lead to fake loan applications or credit cards issued in the victim’s name, damaging their credit score and financial reputation.

The distress of financial loss combined with the complexity of recovering stolen identity can create long-term challenges for victims trying to restore their normal digital and financial lives.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) and CERT-In have issued general advisories cautioning users against phishing attacks involving personal data like Aadhaar and PAN. RBI’s guidelines remind users never to share OTPs, passwords, or sensitive information through messages or calls. CERT-In warns citizens to verify website URLs carefully and avoid clicking on links from unknown or unsolicited sources.

For cybercrime reporting, citizens can dial the government’s 24x7 helpline number 1930 to report incidents of phishing or identity fraud. The Indian Cyber Crime Coordination Centre (I4C) also facilitates complaints related to identity theft and UPI frauds through cybercrime.gov.in.

How to Protect Yourself

1. Never click links received unexpectedly on WhatsApp, SMS, or email claiming to update Aadhaar or PAN.
2. Always visit official government websites by typing URLs manually (e.g., uidai.gov.in or incometax.gov.in).
3. Check website URLs carefully—look for HTTPS and government domain endings like .gov.in.
4. Do not share OTPs, passwords, or personal data via calls, messages, or unverified websites.
5. Use official apps (like mAadhaar or the official Income Tax app) rather than third-party links.
6. Enable two-factor authentication on all financial and email accounts.
7. Report suspicious messages immediately to the cybercrime helpline (1930) and forward them to the CERT-In reporting portal.

What to Do If You've Been Targeted

• Immediately block and report the sender on WhatsApp or your messaging app.
• Change passwords and PINs for your bank, UPI, and email accounts.
• Contact your bank without delay to freeze or monitor accounts for unauthorized transactions.
• File a complaint on cybercrime.gov.in with details of the phishing attempt.
• Call the 1930 cybercrime helpline for guidance and assistance.
• Inform your mobile network provider if you suspect SIM swap or fraud.
• Keep all evidence like messages, URLs, and screenshots ready for investigation.

Frequently Asked Questions

Q: Can I update my Aadhaar or PAN through links sent on WhatsApp or SMS?
A: No. For security, always update Aadhaar at uidai.gov.in and PAN details on the official Income Tax portal. Do not trust unsolicited links from messages or calls.

Q: What should I do if I accidentally shared my Aadhaar or PAN details on a suspicious site?
A: Immediately change passwords linked to your bank and email, inform your bank, and report the incident to the 1930 helpline and cybercrime.gov.in.

Q: How can I confirm if a message about Aadhaar or PAN update is genuine?
A: Genuine government communications rarely come via WhatsApp or SMS with links. Verify by calling your bank's official helpline or visiting government portals directly.

Stay vigilant and verify any suspicious messages with BharatSecure.app, and report fraud attempts promptly at 1930—the Indian cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.