Kerala police warn of fake update scam targeting Vivo, iQOO smarphone users — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Severity: HIGH | View Full Scam Details

Beware in 2026: Kerala Police Warn of Fake Update Scam Targeting Vivo & iQOO Smartphones in India

A new phishing scam is on the rise in India, where fraudsters trick Vivo and iQOO smartphone users into downloading fake software updates, risking money and data theft.

What Is the Kerala Police Warn of Fake Update Scam Targeting Vivo, iQOO Smartphone Users?

In early 2026, the Kerala Police issued urgent warnings about a sophisticated cybercrime scam targeting users of Vivo and iQOO smartphones—two popular brands among Indian mobile users. This scam involves criminals sending fake update notifications claiming the need for a new firmware release promising “performance improvements” or “important security patches.” The scammers exploit the trust users place in their phone brands, creating a credible façade.

This phishing scam primarily affects Vivo and iQOO users across Kerala but has quickly spread to other states via social media platforms like Facebook, Instagram, and WhatsApp. These platforms serve as breeding grounds for fraudsters to post deceptive advertisements or forward messages that push users into hurried action. The scam’s high risk (7/10 on BharatSecure.app’s scale) is due to its ability to persuade users into sharing sensitive information or downloading malicious software.

While no direct advisory from RBI or CERT-In specifically calls out this scam as of now, CERT-In’s updated guidelines repeatedly warn against installing apps or updates from unofficial sources and caution about phishing attacks on messaging platforms. India’s Integrated Crisis Management Centre for Cybercrime (I4C) also backs these alerts by encouraging vigilance regarding smartphone security updates.

How This Scam Works — Step by Step

1. Initial Contact via Social Media or WhatsApp: The victim receives an urgent message or sees a post claiming that a critical firmware update for Vivo or iQOO smartphones is available.

2. Clicking the Fake Link: The message includes a link to download the supposed update. This link leads to a phishing website mimicking an official Vivo or iQOO update page but is actually controlled by fraudsters.

3. Downloading Malicious Software: If the victim clicks the download, a malicious APK (Android application) is installed instead of a legitimate update. This malware seeks to steal personal data, including UPI PINs, OTPs, Aadhaar credentials stored on the phone, or even remote control of messaging apps.

4. Phishing for Credentials and OTPs: The scam app may prompt the user to enter sensitive information under the guise of verifying the update or security features. Fraudsters may also send fake OTPs asking the user to share them.

5. Financial Theft: Once scammers have access to these details, they can initiate UPI transactions, SIM swap attacks, or Aadhaar-based identity theft, draining bank accounts or causing social media impersonation.

6. Disappearance and Further Spread: After stealing data, scammers often disappear and reuse the victim’s messaging accounts for further spreading the scam to contacts.

Real Warning Signs to Watch For

• Messages or posts claiming urgent "firmware updates" via unofficial social media links.
• Download links that do not come from Google Play Store or official Vivo/iQOO websites.
• Requests for OTPs, UPI PINs, Aadhaar numbers, or other sensitive data during the update process.
• Poor website design or URL misspellings in the update link.
• Sudden pop-ups or apps asking for device admin permissions after downloading an update.
• Pressure tactics emphasizing urgency like “Update now or phone will stop working.”
• Messages arriving from unknown numbers or unofficial social media handles posing as Vivo or iQOO customer service.

What Happens to Victims

Victims often face severe financial loss as fraudsters drain money directly from UPI-linked bank accounts. Unlike some card transactions, UPI payments once done cannot be easily reversed, and victims may struggle to recover stolen funds. Additionally, Aadhaar misuse can result in identity theft with long-term consequences, including unauthorized loan applications or government service frauds.

Emotionally, victims suffer from anxiety, frustration, and a loss of trust in digital services. SIM swapping connected to such scams can leave users locked out of their phone numbers, disrupting communication and access to critical services like internet banking or government portals.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) routinely issues guidelines reminding users never to share UPI PINs or OTPs and to report suspicious transactions immediately. The RBI helpline for banking fraud is key to quickly freezing accounts once fraud is detected.

CERT-In, India’s official cybersecurity agency, alerts users to the dangers of phishing and fake apps and encourages downloading software updates only from official vendor websites or app stores. CERT-In’s 1930 cybercrime helpline supports victims reporting such cases and advises on recovery and protection.

Both agencies emphasize multi-factor authentication (MFA), timely software updates ONLY from trusted sources, and periodic monitoring of bank and UPI accounts via mobile banking apps to spot fraud quickly.

How to Protect Yourself

1. Never click update links from WhatsApp, Facebook, or Instagram posts/messages—always check official Vivo/iQOO websites or app stores.
2. Verify firmware update availability via phone Settings > About phone > System updates instead of clicking external URLs.
3. Avoid sharing OTPs, UPI PINs, or Aadhaar details with anyone, even if claiming to be customer service.
4. Enable Google Play Protect on Android phones to detect harmful apps before installation.
5. Use strong screen lock and biometric authentication to prevent unauthorized access if a malicious app is installed.
6. Regularly check UPI transaction history and bank statements for unknown debits.
7. Report suspicious messages immediately to the 1930 cybercrime helpline or BharatSecure.app for verification.

What to Do If You’ve Been Targeted

• Immediately contact your bank and UPI app provider to block transactions and freeze linked accounts.
• Call the 1930 national cybercrime helpline to report the scam and get guidance on next steps.
• Change your Vivo/iQOO phone passwords and multi-factor authentication codes right away.
• File a formal complaint at cybercrime.gov.in — this initiates investigation and evidence preservation.
• Inform your mobile service provider to safeguard against SIM swap fraud if you suspect phone number takeover attempts.
• Scan your phone with trusted antivirus apps and uninstall any suspicious apps immediately.

Frequently Asked Questions

Q1: Can I get fake firmware updates on any smartphone or only Vivo/iQOO?
While this scam targets Vivo and iQOO users, similar phishing scams can occur on any brand. Always verify update sources for all your devices.

Q2: Why don’t official Vivo or iQOO channels send such update links on WhatsApp or social media?
Official manufacturers use their device settings and verified app stores for updates. They do not send unsolicited update links on third-party platforms.

Q3: If I shared my OTP during the scam, how soon can fraudsters misuse it?
Fraudsters usually act within minutes, performing fraudulent UPI transactions or SIM swaps before victims can react, making quick action critical.

Stay alert and protect your phone. If you get any suspicious messages about updates or software, always double-check at BharatSecure.app before clicking any links or sharing information. Your phone and money depend on it!