Fake KYC Update Call Scam — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Severity: HIGH | View Full Scam Details

Fake KYC Update Call Scam in India 2026: Beware of Phishing Calls Targeting Your Bank & UPI Accounts

The Fake KYC Update Call Scam is a growing threat to Indian bank and UPI users in 2026, where fraudsters impersonate bank officials to steal your personal data and money.

What Is the Fake KYC Update Call Scam?

The Fake KYC Update Call Scam is a phishing trick that targets Indian customers whose bank and digital payment accounts require updated KYC (Know Your Customer) details. KYC compliance is mandatory in India to continue using bank accounts, UPI IDs, and Aadhaar-linked financial services, making it a powerful trigger for anxiety among account holders. Scammers exploit this to push victims into quickly sharing sensitive data like Aadhaar numbers, OTPs, bank details, or even device access.

This scam is reported widely across Indian states, affecting users of both public and private banks as well as popular UPI apps. Fraudsters often pose as bank officials or customer care representatives from payment apps, using spoofed or fake phone numbers that appear official. The scam is increasingly common, with many victims losing thousands of rupees through unauthorized transactions or SIM swaps.

Indian cybersecurity agencies like CERT-In and the Indian Cyber Crime Coordination Centre (I4C) have issued warnings about such phishing calls as part of broader efforts to educate users on social engineering attacks. The Reserve Bank of India (RBI) also reiterates that banks or payment services never ask for full OTPs or PINs over the phone.

How This Scam Works — Step by Step

1. Initial Call: The victim receives a call from a number appearing to be from their bank or a known payment app. The caller claims there is an issue with the victim’s KYC details or Aadhaar linking and demands immediate updating.

2. Creating Urgency and Fear: The caller warns that failure to update immediately will lead to account freezing, blocking of UPI transactions, or suspension of Aadhaar-linked services. This fear pushes the victim to act without verifying the caller’s authenticity.

3. Asking for Sensitive Information: The caller then requests details such as Aadhaar number, bank account number, OTPs, PINs, or UPI PIN, often under the guise of verifying identity or completing the KYC process. Sometimes they ask the victim to install remote access apps or share screenshots.

4. Using the Data to Commit Fraud: Once the fraudsters have sufficient information, they may conduct unauthorized fund transfers via UPI or net banking, initiate SIM swaps to intercept OTPs, or misuse Aadhaar data to open fraudulent accounts or loans.

5. Victim Realises the Loss: After some time, the victim notices unauthorized debits or account blocks, leading to financial loss and distress.

Real Warning Signs to Watch For

• Calls demanding immediate KYC or Aadhaar updates and creating panic.
• Caller asking for full OTPs, UPI PINs, or internet banking passwords.
• Requests to install unknown apps or grant remote access on your phone.
• Phone numbers that look like bank numbers but slightly differ (e.g., 98XXXXXX12).
• Threats about account blocking or service suspension if demands are not met.
• Caller refusing you the chance to verify the call via official bank contact numbers.
• Unsolicited calls or messages pressuring you to click links or share personal details.

What Happens to Victims

Victims of this scam often face unexpected financial losses through unauthorized UPI transactions or fraudulent loans taken in their name using stolen Aadhaar data. Since Indian banks generally do not allow reversal of successful UPI payments, recovering lost funds can be difficult. Victims frequently suffer emotional distress and trust issues towards digital banking.

If the fraud involves SIM swaps, the victim may also lose control over OTP verification for other financial services, thereby risking multiple account breaches. Many victims complain of lengthy police and bank procedures causing further delays.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) regularly issues advisories reminding users never to share OTPs, passwords, or PINs during any phone call, even if the caller claims to be from the bank. The RBI helpline and complaint portal provide channels for reporting suspicious calls.

CERT-In and I4C have also urged users to be cautious about unsolicited KYC update requests over phone. The National Cyber Crime Reporting Portal (cybercrime.gov.in) and the 1930 cybercrime helpline are recommended for reporting phone call phishing attempts and fraud complaints.

Banks and payment service providers clearly state that KYC updates happen only through official branches or secure app procedures and never through phone calls asking for passwords or OTPs.

How to Protect Yourself

1. Never share full OTPs, PINs, or passwords over the phone. Banks or apps never ask for these.
2. Verify calls independently. Hang up and call your bank’s official number before sharing any information.
3. Avoid clicking links or sharing screenshots from unknown callers.
4. Do not install any apps or give remote access to callers claiming to update your KYC.
5. Keep your Aadhaar and bank details confidential.
6. Be wary of phone numbers that appear similar but not identical to bank helplines.
7. Use official bank branches or verified app features for updating KYC and Aadhaar linking only.

What to Do If You’ve Been Targeted

• Immediately contact your bank or payment app through official channels to freeze your account and block further transactions.
• File a complaint on the National Cyber Crime Reporting Portal at cybercrime.gov.in.
• Call the 1930 cybercrime helpline for guidance and assistance.
• Lodge a First Information Report (FIR) with your local police cybercrime cell.
• Change your UPI, net banking, and device passwords immediately.
• Monitor your bank and UPI transaction history frequently for any unauthorized activity.
• Inform your mobile operator to prevent SIM swap or get a new SIM issued.

Frequently Asked Questions

Q: Can a bank official call me to update KYC details over the phone?
A: No. According to RBI guidelines, KYC updates are done at bank branches or through secure digital platforms. Banks never ask for passwords, OTPs, or PINs on phone calls.

Q: What should I do if I accidentally shared my OTP with a caller claiming to be from my bank?
A: Immediately contact your bank to block the account and report the unauthorized transaction. Also, file a complaint on cybercrime.gov.in and call the 1930 helpline for further support.

Q: How can I verify if a call about KYC updating is genuine?
A: Hang up and call your bank or payment app’s official customer care number. Do not use any phone number provided during the suspicious call.

Stay alert and protect your financial information. When in doubt, verify suspicious calls or messages on BharatSecure.app and report scams swiftly at the 1930 helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.