Kerala police warn of fake update scam targeting Vivo, iQOO smartphone users — How to Identify & Stay Safe

Severity: MEDIUM | View Full Scam Details

Kerala Police Warn of Fake Update Scam Targeting Vivo, iQOO Smartphone Users in India 2026: Beware This Phishing Threat

A new phishing scam in 2026 is targeting Vivo and iQOO smartphone users in India by tricking them into installing fake software updates that steal personal data and money.

What Is the Kerala Police Warn of Fake Update Scam Targeting Vivo, iQOO Smartphone Users?

In early 2026, the Kerala Police issued a warning about a phishing scam aimed at users of Vivo and iQOO smartphones, two of the most popular smartphone brands in India. This scam falsely promises a new software update but is designed to deceive users into downloading malicious apps or providing sensitive information like OTPs, bank details, or Aadhaar numbers. While the scam is mainly reported in Kerala, authorities believe its reach extends nationwide due to the widespread use of these brands.

This scam exploits the common Indian smartphone user's trust in timely software updates, which are typically released to enhance device performance or security. Scammers imitate official communication from Vivo or iQOO, including logos and formatting, to give their messages credibility. Since these updates appear legitimate, many users fall victim without suspecting foul play.

Although the Reserve Bank of India (RBI) and CERT-In (Indian Computer Emergency Response Team) have not specifically listed this scam yet, they consistently alert users about phishing attempts targeting financial credentials via fake apps or SMS. Similarly, the Indian Cyber Crime Coordination Centre (I4C) encourages vigilance against such frauds, especially on popular platforms like WhatsApp and social media, which are prime channels for spreading phishing links.

How This Scam Works — Step by Step

1. Initial Contact via Social Media or WhatsApp: Scammers post messages or send direct WhatsApp texts claiming a new Vivo/iQOO official update is available. Messages often include a link to “download” the update.

2. Fake Update Notification: The user clicks on the link and is taken to a webpage that looks like an official Vivo or iQOO site. This site may ask them to allow certain permissions or download an APK (Android app file), which is disguised as the update.

3. Installation of Malicious App: Once installed, this fake update app gains access to sensitive smartphone functions such as contacts, messages, or UPI apps.

4. Data Harvesting & OTP Request: After installation, the app may prompt the user to enter OTPs sent during UPI transactions or banking logins. Because the attacker controls the app, they capture these OTPs, giving them access to the victim’s bank account or wallet.

5. Financial Theft: Using the stolen credentials and OTPs, scammers initiate UPI payments or bank transfers, siphoning off money without the user’s knowledge.

6. Further Exploitation: Some variants also steal Aadhaar data or perform SIM swap fraud by tricking telecom operators, enabling even deeper access to victims’ digital identities.

Real Warning Signs to Watch For

• Messages or posts claiming urgent Vivo/iQOO updates but coming from unknown contacts rather than official sources.
• Links that do not lead to the official Vivo or iQOO website (check URL carefully).
• Requests to download updates via APK files instead of through Google Play Store.
• Prompts during update installation asking for OTPs, bank passwords, or Aadhaar details.
• Poor grammar, spelling mistakes, or strange formatting in messages.
• Urgency or threats if the update is not installed immediately.
• Unexpected pop-ups or apps requesting permissions unrelated to software updates.

What Happens to Victims

Victims of this scam often experience sudden financial loss as their bank or UPI accounts get drained. In India, reversing UPI or net banking fraud is difficult and can take weeks to months, causing distress. The misuse of Aadhaar information can lead to identity theft, making victims vulnerable to more scams or fraudulent loans.

Emotionally, victims feel violated and anxious, particularly as the fraud happens through their trusted smartphone. Since many users rely on these devices for daily banking, communication, and personal records, the scam disrupts life significantly. In some cases, victims are hesitant to report the crime out of embarrassment or ignorance about the complaint process.

What RBI and CERT-In Say

While there is no exclusive advisory on this exact scam, RBI advises the public not to share OTPs or banking credentials with anyone. The RBI helpline 1800-112-212 is available for fraud-related queries. CERT-In regularly issues warnings about phishing and malware disguised as legitimate apps and urges users to download software only from trusted sources like Google Play Store.

The Indian Cyber Crime Coordination Centre (I4C) encourages users to report phishing incidents promptly through their quick response mechanisms. For urgent assistance, the National Cyber Crime Reporting Portal (cybercrime.gov.in) and the cybercrime helpline number 1930 are key resources.

How to Protect Yourself

1. Only update your Vivo or iQOO phone via official channels: Use device settings or the official Vivo/iQOO app to check for updates, never click on links from unknown sources.

2. Avoid installing APKs from unsolicited messages or websites.

3. Verify sender identities: If you receive update notifications on WhatsApp or social media, confirm through official Vivo/iQOO pages or customer support numbers.

4. Never share OTPs, bank passwords, or Aadhaar details with anyone, even if they claim to be from your phone provider.

5. Enable two-factor authentication (2FA) for your bank and UPI apps to add an extra security layer.

6. Keep your phone’s security software up to date and run regular malware scans.

7. Be skeptical of messages creating urgency or fear about missing an important update.

What to Do If You've Been Targeted

1. Immediately contact your bank and block your account or payment apps if unauthorized transactions happen.

2. File an FIR with your local police explaining the scam details, including screenshots and message logs.

3. Report the incident on the National Cyber Crime Reporting Portal at cybercrime.gov.in.

4. Call the 1930 cybercrime helpline to get expert guidance on next steps.

5. Inform your telecom provider if you suspect SIM swap or Aadhaar misuse to freeze/secure your mobile number.

6. Change all passwords linked to your phone and online accounts, especially banking and UPI apps.

7. Keep a close watch on your bank statements and UPI transaction history for any suspicious activity.

Frequently Asked Questions

Q: How can I verify if a Vivo or iQOO update notification is genuine?
A: Always check for updates through your phone’s system settings or the official Vivo/iQOO website. Avoid clicking on links shared on WhatsApp or social media unless verified by the official brand channels.

Q: Can I get my money back after falling victim to this scam?
A: Recovering funds depends on your bank and transaction type. Report fraud immediately. RBI mandates banks to resolve complaints under the Ombudsman scheme, but reversing UPI payment fraud can be challenging and time-consuming.

Q: Why do scammers ask for OTPs during an update process?
A: OTPs act as a one-time password for banking transactions or account verification. Scammers use fake update apps to trick you into sharing OTPs, which they use to authorise fraudulent payments or access sensitive accounts.

If you receive any suspicious update messages or links for your Vivo or iQOO smartphone, don’t take risks. Verify every notification with accurate sources and report scams immediately on BharatSecure.app — your trusted partner in fighting digital fraud. Stay alert, stay safe!