India second most targeted country for cyberscams globally, finds Meta report — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 01, 2026

Severity: HIGH | View Full Scam Details

India Still a Top Target for Phishing Scams in 2026: How to Stay Safe

India continues to be a prime target for cybercriminals, with phishing attacks remaining a significant threat to your hard-earned money and personal information.

What Is the India second most targeted country for cyberscams globally, finds Meta report?

Reports continue to show that India is one of the most targeted countries for phishing scams, unfortunately. These scams often occur on platforms like Facebook, Instagram, and WhatsApp and frequently impersonate trusted entities to steal your information. Scammers create fake profiles posing as banks, government agencies, or even popular online retailers to build trust and trick users into divulging sensitive data. You might see advertisements for nonexistent goods or services, or even fake job postings that require you to share personal information. They may also cleverly use legitimate platforms such as UPI to trick users into sharing sensitive financial information, such as UPI PIN or OTP. The RBI and CERT-In have regularly issued warnings about increasing online fraud, highlighting the need for vigilance and caution when interacting online.

This type of scam relies heavily on social engineering — manipulating people into giving up confidential information. Scammers are becoming increasingly sophisticated, making it crucial to recognize the warning signs and take proactive steps to protect yourself. It's important to treat all unsolicited requests for personal or financial information with extreme skepticism, regardless of how legitimate they may appear. Remember, your vigilance is the first line of defense.

How This Scam Works — Step by Step

Let's break down how these phishing scams typically unfold in India:

1. Initial Contact: You receive a message or call (often on WhatsApp) from an unknown number. The sender claims to be from a reputable organization like a bank, e-commerce platform, or government agency (for example, claiming to be an Aadhaar verification notice).

2. Building Trust (Fake Offer): The scammer presents a seemingly legitimate offer, such as a cashback reward, a loan approval, a job opportunity, or a warning about a potential security breach on your account. They might even claim you've won a lottery.

3. Information Request: The scammer asks for sensitive information like your UPI PIN, OTP, Aadhaar number, bank account details, or credit card information. They might also ask you to download a 'secure' app for verification (which is usually malware).

4. Fake Payment/Request: The scammer might send you a bogus payment link via UPI, claiming you need to enter your PIN to 'receive' the money. In reality, entering your PIN authorizes a debit from your account.

5. Funds Transfer/Data Theft: Once they obtain your information or trick you into making a payment, they quickly transfer funds to their accounts or use your personal information for identity theft or other fraudulent activities. They may drain your bank account entirely in a matter of minutes.

Real Warning Signs to Watch For

• Unsolicited Communication: Be wary of messages or calls you didn't request, especially those urgently asking for personal information.
• Poor Grammar and Spelling: Scammers often make grammatical errors or typos in their messages.
• Suspicious Links: Avoid clicking on links from unknown senders, especially if they seem shortened or look unusual (e.g., using ".xyz" extensions instead of ".com"). Always hover over links to see the real destination before clicking and verify.
• Urgent Requests: Scammers often create a sense of urgency to pressure you into acting quickly without thinking. They might say something like "Your account will be blocked if you don't act now!"
• Requests for OTP or PIN: Legitimate organizations never ask for your OTP or UPI PIN over the phone or via message. This information is strictly personal and should never be shared.
• Unusual Payment Methods: Scammers often prefer unusual payment methods like gift cards or pre-paid debit accounts, which are difficult to trace.
• Fake Logos or Branding: Carefully examine logos and branding in messages. Scammers often use slightly altered or outdated logos.

What Happens to Victims

The impact of falling victim to a phishing scam in India can be devastating. Financially, victims can lose significant amounts of money from their bank accounts or credit cards. In some cases, scammers might use stolen Aadhaar details for SIM swapping, granting them access to SMS OTPs and enabling further fraud. The emotional toll can also be significant, leading to feelings of shame, anger, and anxiety. It's not uncommon to experience stress and sleeplessness after becoming a victim of cybercrime. Reversing fraudulent UPI transactions is often difficult and time-consuming, adding to the frustration.

What RBI and CERT-In Say

RBI frequently advises users to practice caution while transacting online and to never share sensitive information like OTPs or PINs with anyone. CERT-In (the Indian Computer Emergency Response Team) issues regular advisories about phishing attacks and other cyber threats, urging users to keep their software updated and to be wary of suspicious emails and messages. You can follow their website and social media channels for up-to-date alerts. The government's I4C (Indian Cyber Crime Coordination Centre) also plays a crucial role in combating cybercrime in India, with initiatives aimed at preventing and investigating cyber offenses. Remember the toll-free helpline 1930 for reporting cybercrime incidents.

How to Protect Yourself

1. Think Before You Click: Always double-check the legitimacy of a website or email before clicking on any links or entering any personal information.
2. Enable Two-Factor Authentication (2FA): Use 2FA on all your important accounts (email, banking, social media). This adds an extra layer of security, making it harder for scammers to access your accounts even if they have your password.
3. Use Strong, Unique Passwords: Create strong, unique passwords for each of your online accounts. A password manager can help you generate and store these passwords securely.
4. Keep Your Software Updated: Regularly update your operating system, web browser, and antivirus software. These updates often include security patches that protect you from the latest threats.
5. Verify Requests Independently: If you receive a request for information from a bank or other organization, contact them directly through their official website or phone number, not through the contact information provided in the suspicious message.
6. Be Wary of UPI Payment Requests: Carefully examine UPI payment requests before approving them. Ensure you recognize the sender and are comfortable with the amount requested. Remember that entering your UPI PIN authorizes a debit, not a credit.
7. Install BharatSecure App: Having the BharatSecure app installed provides alerts about potential dangers online every minute of every day.

What to Do If You've Been Targeted

If you suspect you've been targeted by a phishing scam, take these steps immediately:

1. Change Your Passwords: Change the passwords for all your important accounts, especially your email, banking, and social media accounts.
2. Report to the Bank/UPI Provider: Immediately contact your bank or UPI provider to report the incident and block your accounts if necessary. They can also guide you on reversing any fraudulent transactions.
3. Report to the Cybercrime Helpline: Call the national cybercrime helpline at 1930. This helps them track and potentially recover stolen funds.
4. File a Complaint on Cybercrime.gov.in: File a formal complaint on the government's cybercrime portal, cybercrime.gov.in. This is crucial for initiating an investigation and potentially recovering your losses.
5. Inform Local Police: You can also file a complaint with your local police station, especially if you've suffered significant financial losses.
6. Monitor Your Credit Report: Keep a close eye on your credit report for any suspicious activity that could indicate identity theft.

Frequently Asked Questions

Q: I received a message saying my Aadhaar is linked to a fraudulent account and I need to verify it immediately. Is this real?

A: No, this is almost certainly a phishing scam. Legitimate government agencies do not contact individuals via unsolicited messages to verify Aadhaar details. Never share your Aadhaar number or OTP with anyone over the phone or via message.

Q: I accidentally clicked on a suspicious link in a WhatsApp message. What should I do?

A: If you clicked on a suspicious link, immediately run a full scan of your device with a reputable antivirus program. Also, change the passwords for all your important accounts and monitor your bank statements for any unauthorized transactions.

Q: I got a UPI payment request for INR 1. Should I accept it to see who sent it?

A: No, you should not accept any UPI payment requests from unknown senders. Scammers often use this tactic to gain access to your UPI ID and potentially trick you into approving fraudulent transactions.

Before you trust that message or forward that so-called amazing deal, verify it's legitimate at BharatSecure.app. It's your shield against online fraud!