Fake Bank KYC Verification via Remote Apps — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: HIGH | View Full Scam Details

Beware in 2026: Fake Bank KYC Verification Scams via Remote Apps in India

Fraudsters posing as bank officials are using remote access apps to trick customers into sharing KYC details and stealing money, a growing threat across India.

What Is the Fake Bank KYC Verification via Remote Apps?

This scam involves fraudsters contacting bank customers pretending to be bank officials asking to update or verify their KYC (Know Your Customer) details. KYC is mandatory in India for banking and UPI services to comply with RBI rules. The scammers claim your account or UPI is at risk or blocked, creating a sense of urgency. They then ask victims to install a remote access app such as AnyDesk or TeamViewer to "help" them complete the KYC process.

Once the victim grants remote access, the fraudsters control their phone or computer. They can view sensitive information, access your bank app or UPI interface, and initiate fraudulent payments. This scam targets people of all ages but especially the digitally less savvy, including seniors and small business owners who rely heavily on UPI payments and RBI-mandated KYC for financial transactions.

Reports from cybercrime cells in various Indian states show this scam's rise since late 2025, with victims across urban and semi-urban areas. CERT-In has repeatedly warned about social engineering combined with remote access apps as a new toolkit of fraudsters in India’s digital banking ecosystem.

How This Scam Works — Step by Step

1. Initial Contact: You receive a phone call or WhatsApp message claiming to be from your bank’s customer service. The caller says your bank account or UPI ID is “inactive,” “blocked,” or “under threat,” and KYC needs urgent verification to prevent freezing or fraud.

2. Fake Verification Link or App: The caller asks you to download a remote access app like AnyDesk or TeamViewer from Google Play Store or other sources, saying a bank executive needs remote access to complete your KYC.

3. Granting Access: You share the access code or PIN generated by the remote app as instructed, enabling the caller to remotely control your phone or computer.

4. Data Extraction: The fraudster navigates to your bank’s app or UPI app, views sensitive data like account numbers, Aadhaar-linked mobile number details, UPI PIN entry screens, or map transaction history.

5. Initiating Transactions: Using your details and remote control, they initiate unauthorized UPI payments to their own accounts or fraudulent wallets. Sometimes they divert your Aadhaar-authenticated services or SIM to bypass OTP protections.

6. Cutting Contact: After money transfer, the scammers disconnect remote access and stop responding to your calls or messages, leaving you with missing funds and compromised personal data.

Real Warning Signs to Watch For

• Unsolicited calls or messages pressuring you to verify KYC urgently.
• Request to install and share details of remote access apps like AnyDesk, TeamViewer, or similar.
• Callers refusing to share verifiable bank employee details or official contact numbers.
• Being asked to share UPI PIN, OTP, or password over phone or remote app screen.
• Receiving messages demanding immediate action with threats of account blocking.
• Unknown persons controlling your phone screen remotely without prior consent.
• Unexpected or unauthorized UPI transactions appearing soon after such calls.

What Happens to Victims

Victims often suffer immediate financial loss as fraudsters drain money via UPI transactions or fraudulent wallets. Unlike debit card fraud, reversing UPI payments is difficult once settled, especially if victims shared UPI PINs or gave remote access. This can cause real hardship for middle-class families dependent on digital payments.

Beyond money, victims face emotional distress, worry about identity theft via Aadhaar linkage, and the hassle of filing complaints. SIM swapping combined with remote app control sometimes leads to permanent loss of mobile access, compounding the victim’s problems.

What RBI and CERT-In Say

RBI, in its guidelines on KYC and digital banking security, emphasizes never sharing OTPs, UPI PINs, or downloadable remote access apps with anyone. CERT-In advises users to be vigilant against social engineering and to report suspicious calls immediately. The Ministry of Home Affairs’ Indian Cyber Crime Coordination Centre (I4C) also encourages filing complaints on cybercrime.gov.in and calling the 1930 cybercrime helpline for assistance.

Banks have been advised by RBI to educate customers and improve fraud detection, but digital users should remain cautious as scammers continuously evolve tactics.

How to Protect Yourself

1. Never agree to install remote access software after calls claiming to be from your bank.
2. Do not share OTP, UPI PIN, passwords, or Aadhaar details over phone or messaging apps.
3. Verify all calls by calling your bank’s official helpline independently.
4. Use only official bank and UPI apps downloaded from trusted stores.
5. Keep your Aadhaar-linked mobile number protected; report SIM swap attempts immediately.
6. Regularly check your bank and UPI transaction statements for unknown debits.
7. Enable UPI app's multi-factor authentication and transaction limits for added safety.

What to Do If You’ve Been Targeted

• Immediately contact your bank through official channels to block your account or UPI handle.
• Change all related passwords and UPI PINs from a secure device.
• Report the incident to the 1930 cybercrime helpline and file a complaint on cybercrime.gov.in.
• Inform your mobile service provider if you suspect SIM swap or unauthorized number changes.
• Keep records of all communications and unauthorized transactions for police or bank investigations.

Frequently Asked Questions

Q: Can a bank employee really ask me to install remote access apps for KYC?
A: No. Legitimate bank officers never ask customers to install remote access software or share OTPs and PINs. Always verify independently with your bank’s official helpline.

Q: If I share my UPI PIN during a call, can my money be stolen immediately?
A: Yes. Sharing your UPI PIN or OTP during calls or while enabling remote access can allow fraudsters to initiate instant transactions you cannot reverse easily.

Q: How can I check if my Aadhaar or mobile number was compromised in such scams?
A: Visit UIDAI’s official website to track Aadhaar authentication history. Also, ask your mobile operator for any SIM change history. Immediate reporting can help mitigate damage.

If you receive suspicious messages or calls claiming to be from your bank, don’t wait — verify at BharatSecure.app and report fraud at the 1930 cybercrime helpline promptly.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.