Rs 20 fake electricity bill, Rs 1.99 lakh cyber fraud, apex consumer body orders SBI to pay up — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 26, 2026

Severity: MEDIUM | View Full Scam Details

Beware the Rs 20 Fake Electricity Bill Scam in India — How It Leads to Rs 1.99 Lakh Cyber Fraud in 2026

A new phishing scam tricks victims with a small Rs 20 fake electricity bill but ends up draining as much as Rs 1.99 lakh from their bank accounts, prompting the apex consumer body to order SBI to refund victims.

What Is the Rs 20 Fake Electricity Bill, Rs 1.99 Lakh Cyber Fraud, Apex Consumer Body Orders SBI to Pay Up?

In 2026, Indian consumers are facing a troubling phishing scam where fraudsters send fake electricity bill reminders demanding a small payment of Rs 20. At first glance, it seems harmless — a trivial amount that many people quickly pay to avoid disconnection or penalties. But this seemingly minor transaction is a bait to lure victims into grinding cybercrime that ultimately drains lakhs from their bank accounts.

The scam targets everyday electricity consumers from cities and towns across India, especially those who pay bills through UPI apps or net banking. Using WhatsApp messages or SMS, scammers impersonate legitimate electricity boards (like BSES, Tata Power, or local DISCOMs) with professional-looking messages. The victim clicks the embedded link for “payment” only to land on a convincing fake payment portal.

The repercussions have been severe enough for the National Consumer Disputes Redressal Commission (NCDRC), India’s apex consumer body, to issue an order forcing the State Bank of India (SBI) to refund Rs 1.99 lakh to a victim who lost that amount after paying the Rs 20 fake bill. This highlights not only the scale of the fraud but also the banks' responsibility in protecting customers. The scam has been reported to cyber authorities including CERT-In and I4C, who continue to issue advisories on mobile payment phishing.

How This Scam Works — Step by Step

1. Fake Electricity Bill Alert via WhatsApp or SMS: The victim receives a seemingly genuine message claiming an unpaid electricity bill of Rs 20 or a small pending amount needing urgent payment to avoid disconnection.

2. Click on the Malicious Link: The message contains a link resembling the official electricity board’s portal (e.g., “pay.bsesbilling.in” or a similar fake domain).

3. Landing on a Phishing Payment Page: Once the victim clicks, they reach a fake payment website that mimics the real electricity board payment gateway. They are prompted to enter their bank UPI ID or card details.

4. Enter Payment Details and OTP: When proceeding with the Rs 20 payment, the victim is asked to enter a One Time Password (OTP) sent via SMS or UPI confirmation. The fraudsters cleverly intercept these OTPs using SIM swap scams or malware.

5. Large Money Transfer Without Consent: Behind the scenes, fraudsters exploit the victim's bank credentials and OTPs to authorize additional fraudulent UPI transactions — sometimes draining up to Rs 1.99 lakh or more.

6. Victim Only Realizes After Transaction Alerts: The victim receives bank alerts for multiple unauthorized transactions. By this stage, the scammer has already siphoned significant funds.

Real Warning Signs to Watch For

• Unsolicited WhatsApp or SMS claiming a tiny unpaid electricity bill from unknown or unofficial numbers.
• Links in messages that don’t match official electricity board URLs — misspellings or strange domain names.
• Requests to enter OTPs or passwords on unfamiliar websites.
• Pressure or urgency in the message to pay immediately, warning of service cutoffs.
• Payments requested via UPI or net banking outside official channels.
• Unexpected bank alerts or OTP requests when no payment was intended.
• Poor grammar, spelling mistakes, or inconsistent branding in the message.

What Happens to Victims

Victims often first feel a sense of disbelief as they think, “How can Rs 20 cause a big problem?” But once their bank accounts start showing deductions of thousands or lakhs, panic sets in. Financially, it can be devastating, especially for middle-class families and senior citizens who rely on their savings or pension.

Because UPI transactions are instant and irreversible, victims find it difficult to recover funds without bank cooperation. Aadhaar authentication is sometimes fraudulently combined with SIM swap attacks, allowing scammers to bypass security and authorize payments. Emotional toll includes stress, loss of trust in digital payments, and fear of identity theft.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has repeatedly warned consumers to avoid sharing OTPs, secret PINs, or banking credentials with anyone, emphasizing the importance of verifying payment URLs. The RBI May 2024 Cybersecurity Bulletin specifically flagged phishing attacks via mobile messaging apps.

CERT-In (Indian Computer Emergency Response Team) urges vigilance when receiving payment requests and recommends immediately reporting suspected phishing websites or fraudulent messages. Both organisations have set up helplines: the RBI toll-free number 1800-112-200 and the 1930 cybercrime helpline launched for reporting digital fraud quickly.

How to Protect Yourself

1. Verify any electricity bill message directly on the official electricity board website or app — never trust links from SMS or WhatsApp.
2. Avoid clicking links received via unsolicited messages or calls demanding payment.
3. Check the URL carefully; official government or utility websites end with .gov.in or .nic.in domains.
4. Never share OTPs or banking passwords with anyone, even if they claim to be from your bank or utility company.
5. Use two-factor authentication and biometric locks on your UPI and banking apps.
6. Regularly update your smartphone software and use antivirus apps approved by CERT-In.
7. Immediately block your SIM with your telecom operator if you suspect SIM swap fraud or unsolicited OTP messages.

What to Do If You’ve Been Targeted

• Immediately call your bank’s fraud helpline and report unauthorized transactions to block further money transfers.
• Change all your passwords and UPI PINs promptly.
• File a complaint at cybercrime.gov.in and register a FIR with your local police cyber cell citing phishing and fraud.
• Contact the 1930 Cybercrime Helpline for expert assistance.
• Notify your mobile operator to block or deactivate your SIM if you suspect SIM cloning or theft.
• Keep documentation of all messages, payment confirmations, and bank statements for investigation.
• Approach your bank (like SBI) to request chargeback or refund, citing orders by consumer protection bodies if possible.

Frequently Asked Questions

Q1: What if I accidentally paid the Rs 20 fake electricity bill link — am I at risk of losing money?
Yes, if you only paid Rs 20 and did not enter further OTPs or bank details on doubtful sites, your risk is lower. But always monitor your bank and UPI accounts for suspicious activity immediately after.

Q2: Can my bank block the fraudulently deducted money?
Banks are obligated by RBI guidelines to assist customers in fraud cases, but recovery depends on timing and proof. Early reporting increases chances of blocking or refund.

Q3: How can I confirm if an electricity bill message is genuine?
Cross-verify by logging into the electricity board’s official website or app. Do not trust links or phone numbers sent via WhatsApp or SMS alone.

Stay alert and protect yourself from digital frauds like the Rs 20 fake electricity bill scam. If you receive suspicious messages or links, never click or share your details blindly. Verify every payment demand at BharatSecure.app — India’s trusted platform for digital fraud awareness and protection.