Return Swap and Empty Box E-Commerce Fraud — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: HIGH | View Full Scam Details

Beware of Return Swap and Empty Box E-Commerce Fraud in India 2026: Protect Your KYC, OTP, and Courier Details

A new wave of e-commerce scams called Return Swap and Empty Box fraud is affecting Indian online shoppers in 2026, risking their money and personal data.

What Is the Return Swap and Empty Box E-Commerce Fraud?

Return Swap and Empty Box fraud is a sophisticated trick targeting online shoppers and sellers in India. Fraudsters exploit the return process of e-commerce orders, manipulating courier pickups along with KYC details and One-Time Passwords (OTPs) to steal money or launch identity fraud. This scam particularly preys on customers who frequently buy products online and choose the “return and refund” option.

According to reports filed with cybercrime units and advisories from CERT-In (the Indian Computer Emergency Response Team), this fraud affects many Indian consumers, especially those using popular e-commerce platforms and courier services. Although the exact scale is hard to quantify due to underreporting, financial institutions and regulatory bodies rate it as high-risk with a score of 8/10 because of its financial impact and technical complexity.

RBI and CERT-In have warned about frauds involving KYC manipulation, OTP interception, and fake courier pickup requests, all of which form parts of this scam. The underlying risk is the growing abuse of digital payment systems including UPI (Unified Payments Interface) and linked bank accounts, which are increasingly targeted through fake returns or switched packages.

How This Scam Works — Step by Step

Return Swap and Empty Box fraud is carried out in several calculated steps:

1. Initial Contact — Fake Return Request:
   The scam begins when the victim receives a call, SMS, or WhatsApp message from someone claiming to be from the e-commerce company or courier firm. The caller informs them about a “return pickup” for an order they recently placed.

2. Courier Pickup Setup:
   The victim receives details about the pickup time and is instructed to pack the item for return. Meanwhile, the fraudster arranges a legitimate courier person (often unwitting) to pick up the package.

3. The Swap — Empty or Wrong Item:
   Instead of the original product, the fraudster or an accomplice swaps the item at the victim’s doorstep with an empty box or a low-value item, which is then sent back to the seller.

4. OTP and KYC Manipulation:
   During or after the pickup, the victim is asked to share OTPs supposedly needed for “refund processing” or “verification.” In some cases, fraudsters may also trick victims into sharing KYC details like Aadhaar or PAN to authenticate the fake return.

5. Refund Credited, But to Fraudster:
   The scammer uses intercepted OTP credentials to initiate a refund or bank transfer from the victim’s account to their own accounts or fake wallets.

6. Victim Realizes Loss Too Late:
   When the legitimate merchant receives the empty box or incorrect item, the refund is processed as per the fake return, but the victim’s product is lost. The victim usually finds out only after contacting customer support post the refund.

Real Warning Signs to Watch For

• Unexpected calls or messages asking to confirm a return pickup for an order you didn’t intend to return.
• Requests for OTPs or personal identity information (like Aadhaar or PAN) linked to your purchase or refund.
• Pickup personnel acting unusually nervous or asking to handle the package themselves.
• Refunds or bank notifications for payments not initiated by you.
• Delivery of empty or damaged boxes during returns.
• Confirmation messages for returns or refunds without your explicit consent.
• High-pressure tactics to share personal data for “processing” refunds quickly.

What Happens to Victims

Victims of Return Swap and Empty Box fraud in India often face financial loss ranging from a few thousand to lakhs of INR. Since UPI and bank accounts are used for refunds, fraudulent transactions bypass the victim’s knowledge, sometimes exploiting SIM swap schemes to intercept OTPs. Once a victim’s KYC data and OTPs are compromised, scammers may misuse Aadhaar and PAN details for further identity fraud.

Apart from monetary loss, victims experience significant emotional stress — dealing with delayed refunds, complicated dispute resolution, and fear of further personal data misuse. Many find recovery difficult because the fraud blends physical courier manipulation with digital attacks, leaving little trace for early detection.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) and CERT-In have issued multiple advisories emphasising secure handling of OTPs and personal identity data during digital transactions. They urge customers not to share OTPs or KYC details over phone calls or WhatsApp, even if the request appears linked to payments or refunds.

CERT-In highlights the need for vigilance against social engineering attacks that exploit courier and e-commerce workflows. The RBI recommends enabling transaction alerts and immediately contacting the bank using official helpline numbers if suspicious transactions appear.

In case of cyber fraud, victims can approach the national cybercrime helpline at 1930 or file complaints at the Ministry of Home Affairs’ portal cybercrime.gov.in. Prompt reporting increases the chance of blocking fraudulent transactions and tracking down credential misuse.

How to Protect Yourself

1. Never share OTPs or KYC documents over phone calls or messages, even if the caller claims to be from your bank or an e-commerce company.
2. Verify return requests directly with the official customer support of the e-commerce platform using known contact numbers or apps.
3. Choose secure pick-up options on the e-commerce site and avoid last-minute return changes suggested via unofficial messages.
4. Carefully inspect packages during pickup; do not allow swapping or packing by untrusted persons outside authorized courier staff.
5. Enable two-factor authentication (2FA) on all your digital payment and banking apps for an extra security layer.
6. Regularly monitor your bank account and UPI transactions for unusual debits or refunds.
7. Use BharatSecure.app to verify suspicious SMS or WhatsApp messages offering refunds, pickups, or asking for personal data before responding or sharing information.

What to Do If You’ve Been Targeted

1. Immediately block your bank account or UPI app by contacting your bank’s official helpline.
2. Report the incident to the 1930 cybercrime helpline and file a complaint on cybercrime.gov.in detailing the fraud.
3. Contact the e-commerce platform’s fraud or customer support to report the false return and discrepancy.
4. Change passwords and revoke access to apps where misuse might have occurred.
5. Notify your mobile operator immediately if you suspect SIM swap or unauthorized SIM activity.
6. Keep digital copies of all communication and transaction records related to the fraud for investigation purposes.

Frequently Asked Questions

Q: How can I tell if a return pickup call is legitimate or a scam?
A: Legitimate returns are usually initiated by you on the e-commerce platform. Verify the request by contacting official customer support via the platform’s app or website. Do not trust unsolicited calls or messages asking for OTPs or personal info.

Q: What should I do if I accidentally shared my OTP during a fake return call?
A: Immediately contact your bank to block transactions and change your payment app PINs. Report the case to the 1930 cybercrime helpline and check your bank statements for unauthorized payments.

Q: Can I get a refund if my product was involved in this scam but I am innocent?
A: Report the fraud to the e-commerce platform and the cybercrime authorities promptly. They may investigate the return records. However, quick action is essential to improve your chances of recovery.

BharatSecure.app encourages all Indian internet users to verify suspicious messages or calls promoting refund pickups before responding. If you suspect fraud, report it immediately to the 1930 cybercrime helpline to protect yourself and others.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.