Invitation Scam Leading to Malicious Website — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 22, 2026

Severity: HIGH | View Full Scam Details

Beware in 2026: Invitation Scam Leading to Malicious Websites Targets Indian Netizens

A new wave of phishing scams is sweeping across India, where fake social media invitations lure users to dangerous websites that steal personal data and money.

What Is the Invitation Scam Leading to Malicious Website?

The Invitation Scam Leading to Malicious Website is a rising cyber threat in India in 2026, exploiting the trust people place in their friends and social circles. Fraudsters send unsolicited invites through social media platforms like Facebook and Instagram, and messaging apps such as WhatsApp. These messages often promise job offers, exclusive events, or special deals that sound hard to resist.

Targets are everyday Indian internet users, especially those active on social media and messaging apps. Scammers also compromise real accounts of friends or family, making the invitations look authentic. This scam has spread rapidly, leveraging India’s growing online population and increasing use of UPI payments, Aadhaar-linked services, and mobile banking.

The Indian Computer Emergency Response Team (CERT-In) and the Indian Government’s Inter-Departmental Committee on Cybersecurity (I4C) have issued warnings about phishing tactics similar to this scam. These agencies emphasize that cybercriminals are becoming more sophisticated, using social engineering to bypass suspicion.

How This Scam Works — Step by Step

1. Research and Targeting: Scammers collect personal data from social media profiles or leaked databases to craft believable profiles.
2. Invitation Sent: You receive a message or post from a friend’s compromised account or a seemingly trustworthy new contact. It invites you to click a link to join an "exclusive event," a "job opportunity," or a "limited-time offer."
3. Clicking the Link: The link directs you to a fake website, like pretrejfix.com, designed to look legitimate but loaded with malware or phishing forms.
4. Data Theft: The site asks for personal details—such as Aadhaar numbers, bank details, or UPI PINs—or prompts a download that infects your phone with spyware.
5. Financial Loss: Using stolen details, scammers may initiate unauthorized UPI transactions or apply for loans/e-KYC verification fraudulently.
6. Further Spread: Infected accounts may send similar malicious invitations to your contacts, perpetuating the scam.

Real Warning Signs to Watch For

• Unexpected invitations from friends asking to click unknown links.
• Messages creating a false sense of urgency (e.g., “Limited spots,” “Apply now or lose the chance”).
• URLs with strange domain names (e.g., pretrejfix.com) or spelling errors in the link.
• Requests for sensitive data like Aadhaar, UPI PIN, or OTP on the site linked.
• Messages sent from new or recently changed phone numbers/accounts.
• Poor grammar or awkward language in the invitation message.
• Links redirecting to pages asking you to download apps or software unexpectedly.

What Happens to Victims

Victims of this scam can face severe financial damage, especially with India’s reliance on UPI payments. Once scammers gain access to UPI PINs or bank credentials, they can drain accounts instantly. Unlike traditional banking, reversing UPI transactions is difficult unless immediate action is taken.

Emotional distress is significant, as victims feel betrayed when hacked accounts send malicious links to their contacts. Aadhaar misuse can lead to identity theft, making it easier for criminals to impersonate victims for loan fraud or SIM swaps. A SIM swap can lock victims out of their mobile devices, blocking access to OTPs and banking apps, compounding the loss.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has repeatedly urged users to never share UPI PINs or OTPs, and to avoid clicking links from unknown sources. The RBI helpline for reporting fraud is 1800-22-1911.

CERT-In recommends vigilance against phishing scams and offers the 1930 cybercrime helpline to report incidents. According to recent advisories, users should verify every invitation, link, or offer, especially those received through social media and messaging apps, and immediately report suspicious activity through the government’s cybercrime portal.

The Indian government encourages use of two-factor authentication and advises keeping all apps and devices updated to reduce vulnerabilities.

How to Protect Yourself

1. Verify Invitations: Contact the sender directly via a different channel before clicking any links.
2. Avoid Clicking Links from Unknown Sources: Especially in WhatsApp or Facebook messages.
3. Check URL Carefully: Look for misspellings, unrelated domain names, or HTTPS absence.
4. Never Share Sensitive Info: Don’t provide Aadhaar, UPI PIN, OTPs, or passwords online.
5. Use Official Apps: Always access job offers or events through official websites, not shared links.
6. Install Antivirus/Anti-Malware: Keep your phone secure with updated apps.
7. Enable Two-Factor Authentication: For all financial and social media accounts.

What to Do If You’ve Been Targeted

• Immediately Change All Passwords: Especially for your bank, UPI, email, and social accounts.
• Contact Your Bank/UAE: Report unauthorized transactions, and request to block further payments.
• Report the Scam: File a complaint on cybercrime.gov.in and call the 1930 cybercrime helpline.
• Freeze or Block Aadhaar-linked services: Contact UIDAI if Aadhaar misuse is suspected.
• Inform Your Mobile Operator: If you suspect SIM swap fraud.
• Alert Your Contacts: Warn friends and family so they don’t fall victim to similar scams from your compromised account.

Frequently Asked Questions

Q: How can I be sure if an invitation on WhatsApp is legitimate?
Always verify by calling or messaging the sender outside WhatsApp. Genuine invitations will be confirmed easily. Avoid clicking links from unexpected sources.

Q: Can UPI transactions be reversed if I lost money due to this scam?
UPI payments are instant and usually final. You should report the fraud immediately to your bank and file a police complaint, but reversals depend on the circumstances and RBI guidelines.

Q: What should I do if I accidentally entered my details on a suspicious website?
Change your passwords immediately, inform your bank, freeze your accounts if needed, and report the incident to CERT-In via the 1930 helpline and cybercrime.gov.in.

India’s digital world is exciting but risky. Always be skeptical of unsolicited invitations or offers, especially on social media. For any suspicious message, verify it first at BharatSecure.app—protect yourself and those you care about.