Fake electricity bill leads to cyber fraud — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 26, 2026

Severity: MEDIUM | View Full Scam Details

Beware in 2026: Fake Electricity Bill Scam in India Leading to Cyber Fraud

A rising number of Indian internet users are falling prey to a phishing scam where fake electricity bills lead to financial losses and data compromise.

What Is the Fake Electricity Bill Leads to Cyber Fraud?

This scam involves fraudsters sending fake electricity bills—through WhatsApp messages, SMS, or email—that appear to be from legitimate local electricity providers. These bills often look very authentic, displaying real user names and addresses, making victims believe they need to clear pending dues immediately.

The scam mainly targets everyday consumers in urban and semi-urban India who regularly pay their utility bills using digital payment methods like UPI or net banking. With the increasing use of smartphones and digital transactions in India, especially post-pandemic, scammers have turned to fake billing techniques to trick individuals into divulging sensitive data or making small, seemingly harmless payments. Often the requested amounts are low (as low as ₹20), lowering suspicion but still paving the way for data theft or larger fraud later.

This tactic has grown in prevalence across various states, exploiting publicly available information from social media, local forums, or even leaked databases. In 2023, CERT-In (Indian Computer Emergency Response Team) and I4C (Indian Cyber Crime Coordination Centre) issued advisories warning users about such phishing attempts disguised as utility bills, urging vigilance and verification before making payments.

How This Scam Works — Step by Step

1. Target Identification: Scammers gather data about residents in a particular area using public platforms or leaked data sources.

2. Fake Bill Message Sent: The victim receives an SMS or WhatsApp message that looks exactly like a genuine electricity bill from their local power utility provider. The message includes the victim’s name, address, and a due balance, commonly a small amount like ₹20.

3. Payment Request: The message contains a payment link or UPI QR code prompting the victim to pay the bill immediately to avoid disconnection or penalty.

4. Victim Pays Via UPI or Other Means: Trusting the bill’s authenticity, the victim makes the payment through UPI or net banking.

5. Data Capture or Unauthorized Access: Often, the payment link redirects to a fake portal designed to capture UPI PINs, OTPs (One Time Passwords), or Aadhaar details, or installs malware on the user’s device.

6. Fraudsters Exploit Stolen Information: Using the stolen payment credentials or identity data, scammers may make unauthorized transactions, perform SIM swaps, or carry out identity theft leading to significant financial loss over time.

Real Warning Signs to Watch For

• The bill amount is unusually low or does not match your usual monthly electricity expenses.
• The payment link or QR code redirects to a non-official web address or looks slightly misspelled.
• The message comes from an unknown phone number or a non-verified WhatsApp account instead of an official utility contact.
• The bill’s due date demands immediate payment with threats of disconnection or penalty.
• Request for sensitive information like UPI PIN, Aadhaar number, OTP, or bank account details through the bill message.
• Spelling or grammatical errors in the message or bill document.
• No option to verify the bill through official power utility websites or customer portals.

What Happens to Victims

Victims may initially lose small amounts during the transaction which often goes unnoticed. However, once scammers acquire sensitive information—such as UPI PINs or Aadhaar-linked data—they may perform unauthorized fund transfers, causing larger financial damages.

In India, reversing UPI transactions without RBI’s intervention is complex, and many victims find themselves helpless after sharing OTPs or PINs. Victims also face emotional stress and anxiety, fearing identity theft or misuse of their personal details. SIM swapping—triggered by leaked Aadhaar data—may allow fraudsters to access further accounts, worsening the impact.

Victims often struggle to prove their innocence or recover funds due to the digital nature of the crime and lack of immediate support, especially when payments are made through third-party apps.

What RBI and CERT-In Say

The Reserve Bank of India emphasizes vigilance when making digital payments. RBI’s advisories clearly state that banks and legitimate payment apps will never ask for UPI PINs or OTPs via messages or calls. Anyone requesting such information should be treated as suspicious.

CERT-In regularly issues alerts on phishing scams, including those involving fake utility bills. The Indian Cyber Crime Coordination Centre (I4C) encourages users to report all suspicious messages and to verify bills via official websites or customer helplines.

Citizens in India can call the 24/7 National Cyber Crime Helpline at 1930 to report phishing incidents or seek guidance. For RBI-related payment fraud, the RBI Customer Contact Centre can also assist.

How to Protect Yourself

1. Always verify electricity bills by logging into your local power utility’s official website or official app before making payments.
2. Never click on payment links or scan QR codes received via unsolicited WhatsApp or SMS messages.
3. Don’t share UPI PINs, OTPs, Aadhaar details, or bank information with anyone over calls or messages.
4. Use your smartphone’s security features—like app-level authentication—and keep your device updated with the latest security patches.
5. Regularly monitor your UPI or bank accounts for unauthorized transactions and report immediately if suspicious activity is noticed.
6. Avoid downloading attachments or links embedded in unexpected utility-related messages.
7. Register for the Do Not Disturb (DND) service on your phone to reduce spam messages.

What to Do If You’ve Been Targeted

• Immediately report the fraud to your bank’s customer service and block your UPI or net banking access to prevent further losses.
• Contact your mobile service provider to check for SIM swap or number misuse.
• File a complaint on the cybercrime.gov.in portal detailing the incident.
• Call the National Cyber Crime Helpline at 1930 for advice on next steps and assistance.
• Inform your local electricity provider about the fake bill received to help them take necessary action.
• Keep all evidence like messages, payment receipts, and screenshots ready for law enforcement.
• If you shared Aadhaar or other identity details, consider placing a fraud alert on your profiles and watch your credit reports carefully.

Frequently Asked Questions

Q1: Is it safe to pay electricity bills via UPI if received on WhatsApp?
No, you should never pay bills via UPI links received on WhatsApp unless you verify that the message is from your official electricity provider through their verified contact or website.

Q2: What should I do if I accidentally paid through a fake electricity bill link?
Immediately inform your bank to block transactions, call your payment app’s support to freeze payments, and report the incident to 1930 cybercrime helpline and your local police.

Q3: How can I confirm if a message claiming to be from my electricity provider is genuine?
Cross-check by visiting the official website of your electricity board or calling their registered helpline number. Do not use numbers or links provided in suspicious messages.

Stay alert and protect yourself from scams like fake electricity bills. If you ever doubt the authenticity of a message or bill, visit BharatSecure.app to verify and get help spotting phishing attempts. Your vigilance is your best defense against cyber fraud.