Phishing for Aadhaar/PAN Updates — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Severity: CRITICAL | View Full Scam Details

Beware in 2026: Phishing for Aadhaar and PAN Updates Is a Growing Cyber Threat in India

A new wave of phishing scams targets your Aadhaar and PAN details, tricking people into sharing sensitive data that can lead to identity theft and financial loss.

What Is the Phishing for Aadhaar/PAN Updates?

Phishing for Aadhaar/PAN Updates is a type of cyber fraud where scammers impersonate government agencies or banks to grab your personal identity details. In India, your Aadhaar and PAN cards are crucial documents often linked to your bank accounts, tax filings, and government benefits, making them prime targets for fraudsters. This scam aims to steal these details by sending fake messages about supposed issues with your Aadhaar or PAN records.

Typically, these frauds come through SMS, WhatsApp forwards, or emails claiming urgent problems with your identity documents. The messages warn about account suspension or penalties, urging you to update your details immediately via a provided link. The fake links lead to cloned websites that look like official portals but are traps to harvest your Aadhaar number, PAN card details, registered mobile numbers, and even OTPs sent for verification.

This scam has grown rapidly across India due to the widespread reliance on Aadhaar and PAN for accessing financial services and government schemes. The Ministry of Electronics and Information Technology, CERT-In, and the RBI have issued warnings about such phishing activities, stressing that no legitimate agency will ask for OTPs or confidential details via links in unsolicited messages.

How This Scam Works — Step by Step

1. Initial Contact via Message or Call: You receive an SMS, WhatsApp message, or even a phone call stating there is an urgent problem with your Aadhaar or PAN details. The message may claim your bank account linked to these IDs will be frozen or fine penalties will apply if you don’t act quickly.

2. Fake Link Shared: The message contains a URL that looks official, mimicking government or bank websites. The sender uses official logos and formats to appear trustworthy.

3. Victim Clicks Link and Enters Details: On clicking the link, you land on a fake webpage where you are asked to fill in sensitive information including your Aadhaar number, PAN card number, full name, date of birth, mobile number, and sometimes your bank UPI ID.

4. OTP Harvesting: To ‘verify’ the data, the site asks for the One-Time Password (OTP) sent to your mobile number. Sharing OTP hands over control of your account or simulates authorization for transactions.

5. Identity Theft and Money Loss Occur: With these details, fraudsters can carry out SIM swaps, unauthorized bank transactions, or open fake accounts in your name. Victims may only realize after suspicious debits from their bank or misuse of Aadhaar linked services.

Real Warning Signs to Watch For

• Messages demand immediate action with threats of penalties or account suspension.
• URLs in the messages do not match official government domains (.gov.in) and look unusual.
• The message or call asks for OTPs, Aadhaar number, PAN details, or bank UPI IDs directly.
• Poor grammar or spelling errors in messages indicating they may be fake.
• Unsolicited contacts claim to represent multiple agencies in one message.
• The website looks genuine but the URL bar shows suspicious links or misspellings.
• Requests come through WhatsApp or SMS, not official emails or registered portals.

What Happens to Victims

Victims often face financial loss through fraudulent bank transactions or unauthorized UPI payments that are hard to reverse. The stolen Aadhaar and PAN data can be used to create fake identities for loans, credit cards, or illegal activities, harming credit scores and financial reputation. Emotionally, victims suffer stress and anxiety due to identity theft fears and complex recovery processes.

In India, SIM swap frauds conducted after phishing your OTPs can block your access to mobile banking and UPI apps, locking you out of accounts. Additionally, resetting Aadhaar-linked services becomes challenging, delaying crucial government or banking transactions.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has cautioned users repeatedly about phishing scams asking for OTPs or confidential information under the guise of Aadhaar or PAN updates. RBI’s guidelines emphasize that no legitimate banking or government entity will ask for such details through SMS or WhatsApp.

CERT-In (Indian Computer Emergency Response Team) advises users to verify messages and report suspicious ones immediately. The Ministry’s I4C (Indian Cyber Crime Coordination Centre) website highlights the critical risk of identity theft from phishing and urges vigilance.

For help, victims can call the cybercrime helpline at 1930, which offers guidance on responding to such instances and reporting fraud.

How to Protect Yourself

1. Never click on suspicious links in unsolicited messages claiming Aadhaar/PAN issues.
2. Verify any requests by visiting official portals directly instead of using message links.
3. Do not share OTPs or confidential details with anyone, even if they claim to be a government official.
4. Check website URLs carefully—official government sites end with “.gov.in”.
5. Use mobile apps from verified sources for any Aadhaar or PAN updates.
6. Report suspicious messages or calls to the 1930 cybercrime helpline and your bank.
7. Keep your registered mobile number secure and report any SIM swap immediately to your telecom operator.

What to Do If You’ve Been Targeted

• Freeze your bank accounts or UPI app access immediately by contacting your bank.
• File a cybercrime complaint online at cybercrime.gov.in with all evidence of the phishing attempt.
• Report the incident to the 1930 cybercrime helpline for expert assistance.
• Alert your telecom provider to prevent SIM swaps or unauthorized mobile number changes.
• Change passwords for your online banking and associated email IDs.
• Inform UIDAI if your Aadhaar details were compromised and check for unauthorized updates.
• Monitor your credit report and bank transactions regularly for suspicious activity.

Frequently Asked Questions

Q: Can government agencies ask for Aadhaar or PAN details and OTPs via SMS or WhatsApp?
No. Official agencies never request OTPs or sensitive ID details via SMS, WhatsApp, or unsecured links. Always verify through official websites or helplines.

Q: What should I do if I accidentally shared my OTP or Aadhaar details on a suspicious site?
Immediately contact your bank to block transactions, report to 1930 cybercrime helpline, and file a complaint at cybercrime.gov.in. Also, notify UIDAI to secure your Aadhaar.

Q: How can I identify fake websites pretending to be Aadhaar or PAN portals?
Check the URL carefully—official government portals end with “.gov.in.” Look for spelling mistakes, missing HTTPS, or unusual domain names before entering any information.

If you receive suspicious messages about Aadhaar or PAN updates, always verify on BharatSecure.app and report scams to the 1930 helpline to protect yourself and others.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.