Fake RBI Leak Site Extortion Scam — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: HIGH | View Full Scam Details

Beware in 2026: The Fake RBI Leak Site Extortion Scam Targeting Indian Businesses

Many Indian businesses are now at risk from a new wave of cyber fraud called the Fake RBI Leak Site Extortion Scam, which uses WhatsApp and phishing tactics to trick victims into paying large sums to scammers posing as government officials.

What Is the Fake RBI Leak Site Extortion Scam?

This scam involves fraudsters creating fake websites or online portals that claim to leak sensitive information related to the Reserve Bank of India (RBI). These sites falsely allege that a data breach has exposed private customer details of businesses, especially those handling financial transactions or Aadhaar-linked services. The scam primarily targets Indian companies that work with billing, taxation, or payment processing.

Attackers often initiate contact through WhatsApp messages or emails appearing to come from trusted financial institutions or government bodies. By impersonating RBI officials or government agencies, scammers pressure business owners to pay hefty “extortion fees” to prevent the supposed leak or public exposure of confidential data. The impersonators leverage genuine-sounding documents or references to previous legitimate communications, lending credibility to their claims.

In India, the scam has reportedly been widespread in metro cities and tech hubs where many small and medium enterprises (SMEs) use digital payment platforms and UPI for transactions. While there hasn’t yet been a specific advisory by the RBI targeting this exact scam, CERT-In (Indian Computer Emergency Response Team) and the Indian Cyber Crime Coordination Centre (I4C) regularly issue alerts about phishing and government impersonation scams on WhatsApp and email platforms. Businesses are urged to be cautious and verify communications claiming to be from the RBI or related bodies.

How This Scam Works — Step by Step

1. Target Identification: Scammers acquire lists of businesses from dark web markets or use social engineering to identify businesses dealing with financial data or tax documents.
2. Initial Contact: The business is contacted on WhatsApp or via email with messages claiming there has been a data leak involving RBI records linked to the business.
3. Phishing Link or Site: The message contains a URL to a fake “RBI leak site” which appears official, showing supposed confidential files or data related to the victim’s business.
4. Threat and Extortion: The scammers claim that unless the business pays an extortion amount (often demanded in INR through UPI or bank transfer), they will publicly release the “leaked” information, causing reputational and legal damage.
5. Pressure Tactics: Frequent follow-ups and threats escalate via WhatsApp calls or messages, citing fake legal notices or regulatory penalties if the victim delays payment.
6. Payment and Loss: Under pressure, the victim transfers money to UPI IDs or bank accounts controlled by the scammers. Once paid, the scammers disappear, and no data leak actually occurs.

Real Warning Signs to Watch For

• Unexpected WhatsApp or email messages claiming a “data leak” affecting your business.
• URLs or websites that mimic RBI but have odd domain names or lack HTTPS security padlock.
• Demands for immediate payment via UPI or direct bank transfer as “fine” or “settlement.”
• Threatening language referencing legal action without official government documentation or notices.
• Messages containing attachments or links that prompt you to download files or enter sensitive login details.
• Callers insisting you confirm private details like Aadhaar number, bank account, or PAN urgently.
• Inconsistencies in contact details or refusal to provide verifiable government ID or reference numbers.

What Happens to Victims

Victims can suffer significant financial loss, as payments made through UPI or bank transfers are typically irreversible once processed. Additionally, victims face emotional stress due to fear of reputational damage and possible regulatory investigations, even though no real data has leaked.

In some cases, scammers may obtain sensitive information during the scam, such as Aadhaar numbers or business IT credentials, leading to further risks like SIM swaps or fraudulent loan applications under the business’s name. The combination of financial drain and breach of trust can disrupt business operations and damage client relationships.

What RBI and CERT-In Say

The RBI advises caution regarding unsolicited communications claiming to be from the central bank, especially requests for payments or sharing sensitive credentials. It warns businesses about phishing attempts and recommends verifying all messages through official RBI channels.

CERT-In regularly issues alerts on phishing and government impersonation scams through WhatsApp and email. The Indian Cyber Crime Coordination Centre (I4C) encourages reporting such incidents promptly through the national cybercrime.gov.in portal.

For immediate assistance, victims can call the national cybercrime helpline at 1930 or contact RBI customer service through their official website. These bodies emphasize never to share OTPs, Aadhaar details, or banking passwords with anyone over phone or chat.

How to Protect Yourself

1. Always verify the sender’s contact and cross-check with government or RBI official websites.
2. Do not click on suspicious links or download attachments from unknown sources.
3. Never make payments via UPI or bank transfer to unverifiable accounts demanding “settlement” for leaks.
4. Install updated antivirus and anti-malware tools on your devices.
5. Educate your employees on spotting phishing and extortion scam tactics.
6. Use multi-factor authentication for all business accounts linked to financial or Aadhaar data.
7. Report any threatening messages or suspicious links immediately to CERT-In or cybercrime.gov.in.

What to Do If You've Been Targeted

1. Do not respond further to the scammer’s messages or calls.
2. Immediately block the scammer’s WhatsApp number and emails.
3. Report the incident to your local cyber police or call the 1930 cybercrime helpline.
4. File a complaint on the official cybercrime portal at cybercrime.gov.in.
5. Inform your bank and UPI service provider to monitor accounts for suspicious activity.
6. Freeze or temporarily block any compromised accounts linked to the business.
7. Keep records of all communications and payment receipts for police and investigation.

Frequently Asked Questions

Q: Can the RBI really leak business data online?
No. The RBI does not share or leak business or customer data publicly. Any claims of an RBI data leak through unofficial websites are scams.

Q: What if I already paid the scammers?
Immediately report the payment to your bank and UPI provider. While reversing payments is difficult, quick action may help limit further losses. Also, file a police complaint and cyber fraud report.

Q: How do I verify if a message claiming to be from RBI is genuine?
Check the contact details on the official RBI website and do not trust messages asking for payments or sensitive details. Use official RBI customer service channels for confirmation.

For any suspicious messages or calls, verify authenticity immediately at BharatSecure.app and report fraud to the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.