How cyber fraudsters duped Pune man of Rs 6 lakh after posting MNGL bill message to his father-in-law — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 26, 2026

Severity: HIGH | View Full Scam Details

2026 Alert: How Cyber Fraudsters Duped Pune Man of Rs 6 Lakh Using Fake MNGL Bill Message — A High-Risk Phishing Scam in India

Phishing scams remain one of the most dangerous digital threats in India, with fraudsters increasingly exploiting trusted family networks to steal large sums, as seen in a recent case involving a Pune man losing Rs 6 lakh.

What Is the Scam “How Cyber Fraudsters Duped Pune Man of Rs 6 Lakh After Posting MNGL Bill Message to His Father-in-Law”?

This phishing scam targets Indian families by impersonating a reliable service provider—in this case, Maharashtra Natural Gas Limited (MNGL). The fraudsters sent a fake MNGL bill message, often through WhatsApp or SMS, to the victim’s father-in-law. The unsuspecting relative, assuming the message was genuine, unwittingly interacted with the fraudsters, eventually exposing the Pune man to financial loss.

Phishing scams like these are widespread in India, with cybercriminals continuously finding new ways to exploit digital trust. According to Indian cybersecurity bodies such as CERT-In and the Indian Cyber Crime Coordination Centre (I4C), scams using fake utility bill messages are rising, marked by increasing reports to the 1930 cybercrime helpline. The Reserve Bank of India (RBI) has also warned about social engineering attacks targeting UPI transactions, where fraudsters mimic businesses or utilities to trick victims.

The key target often includes older adults or people less familiar with digital security protocols. Scammers exploit familial trust by sending messages to relatives rather than their ultimate victims, making these scams especially hard to detect until significant damage has occurred.

How This Scam Works — Step by Step

1. Initial Fake Message: The fraudsters send an SMS or WhatsApp message, impersonating MNGL, to the victim’s father-in-law. The message looks authentic, often including the MNGL logo, a plausible bill amount, and a link or contact number.

2. Building Trust: The relative receives the message and assumes it’s a legitimate bill alert. The fraudsters may follow up with a call or message, increasing urgency by warning of late fees or service disruption.

3. Passing Information: The father-in-law shares this message or link with the Pune man, who may be expected to pay the bill or investigate further.

4. Phishing Website or Form: When the Pune man clicks on the link or contacts the number, they are directed to a fake MNGL payment portal or asked to share sensitive details such as Aadhaar, bank account info, or UPI PIN.

5. Request for Payment: The fraudsters may also convince the victim to authorize a UPI transaction “for bill payment” or request OTPs sent to the victim’s phone.

6. Loss of Money: Using the collected details and OTP, the scammers initiate fraudulent transactions, draining the victim’s bank accounts of Rs 6 lakh or more.

7. Realization and Report: The victim realizes the scam after seeing unauthorized debits but by then the money is already lost.

Real Warning Signs to Watch For

• Unexpected bill messages from utility companies you don’t have accounts with or from relatives you weren’t expecting to contact.
• Links with unusual URLs that do not match the official MNGL website (check carefully for misspellings or extra characters).
• Urgent language creating pressure, like late fee threats or service cut-offs.
• Requests for UPI PIN or OTPs via phone or message—legitimate companies never ask for these.
• Unsolicited WhatsApp messages from unknown numbers, even if they use familiar logos or names.
• Relatives forwarding messages without verifying—often a red flag for social engineering.
• Payment requests via non-official channels, like messaging apps instead of official MNGL portals or apps.

What Happens to Victims

Victims in India face severe financial loss and emotional distress. Losing Rs 6 lakh can cripple savings, delay essential payments, or impact credit scores. Unlike card payments, UPI transactions are mostly irreversible; RBI only allows refunds if banks confirm fraud, and this process can be slow and uncertain.

In many cases, the misuse of Aadhaar details opens doors for identity theft, adding long-term risks. Victims also suffer from psychological impacts like loss of trust, fear of digital platforms, and stress managing recovery with banks and law enforcement.

SIM swap frauds compound risks, as fraudsters who have phone access can intercept OTPs to authorize multiple transactions. This scam exemplifies how deeply personal networks and digital finance intertwine in India’s tech ecosystem, making vigilance a must.

What RBI and CERT-In Say

The Reserve Bank of India, through its cybersecurity guidelines, has repeatedly cautioned users against sharing OTPs, UPI PINs, and bank details. RBI’s Customer Education booklets explicitly warn about phishing tactics using fake messages and urge users to verify payment requests independently.

CERT-In has issued advisories to stay alert about SMS and WhatsApp phishing campaigns, emphasizing that official entities never ask for confidential information via messaging apps or calls.

For assistance, victims can reach out to:

• 1930 Cybercrime Helpline – India’s dedicated line for reporting cyber fraud.
• RBI Helpline (Call Centre for Banking Related Complaints) – 1800 22 1911 or 14440

These bodies promote public awareness and urge victims to report incidents promptly for faster action.

How to Protect Yourself

1. Verify all utility bill messages by checking the official MNGL website or calling their official customer service numbers.
2. Never click on payment links sent via WhatsApp or SMS—type the URL manually in your browser.
3. Never share your UPI PIN or OTP with anyone, even if they claim to be from your bank or MNGL.
4. Confirm messages with family members over a direct phone call before acting on any bill alerts they forward.
5. Use official apps or portals to pay bills or check dues; avoid third-party websites.
6. Register your Aadhaar only on verified platforms, and monitor your bank statements regularly for unauthorized transactions.
7. Enable UPI transaction notifications and immediately report suspicious activities to your bank.

What to Do If You've Been Targeted

1. Immediately block or freeze your bank account and UPI apps by contacting your bank’s customer care.
2. Report the incident to the cybercrime.gov.in portal—India’s official site to file cybercrime complaints.
3. Call the 1930 Cybercrime Helpline for expert guidance on further actions.
4. Inform your mobile operator about potential SIM swap risks and request enhanced security measures.
5. Inform relatives and friends if they are involved, so they can also safeguard themselves.
6. Change your passwords and linked email IDs associated with payment apps.
7. Document all transaction details and messages to assist investigation by police and banks.

Frequently Asked Questions

Q: How can I be sure whether an MNGL bill message is genuine?
A: Always cross-check by logging into your official MNGL customer account or calling their verified customer care numbers. Never rely solely on WhatsApp or SMS links.

Q: What should I do if I have already shared my UPI PIN or OTP?
A: Immediately contact your bank to block transactions, change your UPI PIN, and report the fraud to cybercrime authorities. Prompt action improves chances of recovery.

Q: Can I reverse unauthorized UPI payments?
A: UPI payments are designed to be instant and mostly irreversible. However, you can file complaints with your bank and cyber police for investigation and possible compensation, depending on the case.

Stay safe by verifying every suspicious message, especially those related to payments. If you receive any doubtful MNGL bill alerts or utility messages, do not click links or share details without verification. When in doubt, visit BharatSecure.app — India’s trusted platform to check and report digital fraud threats.