SBI ordered to refund Rs 1.99 lakh in fake electricity bill cyber fraud case — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Severity: MEDIUM | View Full Scam Details

SBI Ordered to Refund Rs 1.99 Lakh in Fake Electricity Bill Cyber Fraud Case – A 2026 Warning for Every Indian

Millions of Indians are at risk of losing money through phishing scams disguised as fake electricity bills — a recent case where SBI was ordered to refund nearly Rs 2 lakh highlights how serious these frauds have become.

What Is the SBI Ordered to Refund Rs 1.99 Lakh in Fake Electricity Bill Cyber Fraud Case?

This scam involves fraudsters sending fake electricity bill notifications to unsuspecting victims, often for a small amount, like Rs 20, to avoid raising suspicion. The victim receives this message via WhatsApp, SMS, or email, which appears to be from a legitimate utility company, prompting them to click on a link or make a payment through UPI. However, the link redirects the victim to a phishing website designed to steal personal credentials, bank details, or Aadhaar-linked data.

In a landmark ruling in 2026, the State Bank of India (SBI) was ordered to refund Rs 1.99 lakh to a victim who lost this amount after falling prey to such a phishing attempt. This case throws a spotlight on how banks and payment platforms need to take greater responsibility for victims of cyber fraud. The scam is widespread across India, particularly targeting digitally active users who receive multiple UPI payment requests or billing alerts daily.

The Reserve Bank of India (RBI), the Indian Cyber Crime Coordination Centre (I4C), and CERT-In have all issued advisories urging citizens to verify the authenticity of digital payment requests and unsolicited messages. Despite these warnings, many users are still unaware of the phishing tactics that scamsters employ, highlighting the need for greater public awareness.

How This Scam Works — Step by Step

1. Initial Contact via WhatsApp, SMS, or Email: The victim receives a message claiming to be from their electricity utility, stating an outstanding bill of a small amount (e.g., Rs 20).

2. Enticing the Victim to Act Quickly: The message states that non-payment will lead to disconnection or penalties, prompting quick action.

3. Phishing Link Provided: The message includes a clickable link that takes the victim to a fake bill payment page that looks identical to the official electricity board’s website.

4. Phishing Site Asks for Personal Information and Bank Details: The victim is asked to enter login credentials, Aadhaar number, or UPI PIN, unknowingly sharing these details with scammers.

5. Authentication and Payment Request via UPI: The scam site generates a UPI payment request or OTP verification that the victim approves, thinking they are paying their electricity bill.

6. Fund Transfer and Data Harvesting: Once the victim approves, their bank account or UPI wallet is debited the scam amount, often exceeding the initial small bill, sometimes in multiple transactions.

7. Money Disappears, Fraudsters Vanish: Victims realize their money is gone only after receiving transaction alerts. The scammers often use SIM swap techniques or multiple devices, making tracing difficult.

Real Warning Signs to Watch For

• Unsolicited messages claiming to be from electricity providers, especially with unusually low bills (like Rs 10-20).
• Links that do not start with the official URL of the electricity company.
• Urgent threats of disconnection or late fees for small amounts.
• Requests for Aadhaar, bank passwords, UPI PINs, or OTPs to "complete payment."
• Multiple payment requests within a short time frame from unknown UPI IDs.
• Poor language, spelling mistakes, or unofficial logos in the message or website.
• Unexpected payment confirmation messages from UPI apps that you did not initiate.

What Happens to Victims

Victims of this scam often suffer substantial financial losses because their bank accounts linked to UPI and Aadhaar get compromised. Many real-life cases show victims losing lakhs due to multiple unauthorized transactions facilitated by fraudsters exploiting stolen data and SIM swap attacks. Recovering money through banking channels is tough; while RBI guidelines allow blocking and reversing some unauthorized transactions, success depends on how quickly the victim reports the issue. Emotionally, victims experience stress, anxiety, and loss of trust in digital payment systems, which are increasingly central to daily life in India.

What RBI and CERT-In Say

RBI has issued several circulars emphasizing that customers should never share UPI PINs or OTPs with anyone and warned against responding to unsolicited billing or payment requests. The central bank mandates banks to have a grievance redress system including dedicated helpline numbers to respond quickly. CERT-In and the I4C have also circulated advisories urging citizens to use official apps, verify URL authenticity, and be suspicious of small-value payment demands with urgent warnings.

If you face a cyber fraud incident, RBI’s banking ombudsman and cyber fraud helpline (contact the RBI helpline or report at 1930, the national cybercrime helpline) are your first contacts for assistance and guidance on next steps. Banks like SBI are increasingly being held accountable for lapses in fraud detection and prevention following these rulings.

How to Protect Yourself

1. Verify Payment Requests: Always cross-check the bill amount and payment links by visiting your electricity board’s official website or app directly — never click on unsolicited links.

2. Never Share Sensitive Info: Never provide your Aadhaar number, UPI PIN, or OTPs via messages or calls, even if they appear official.

3. Use Official Payment Apps: Make payments only through official bank or utility apps; avoid third-party links sent via WhatsApp or SMS.

4. Enable Multi-Factor Authentication: Use additional authentication layers on your bank and Aadhaar-linked accounts.

5. Install Updates and Security Apps: Keep your phone’s OS and apps updated and use antivirus apps approved by CERT-In.

6. Be Cautious of Small Amount Bills: Recognize that bills as small as Rs 10-20 are often a tactic to disarm you into making quick payments.

7. Report Suspicious Messages: Forward suspicious SMS or WhatsApp messages to your bank and to cybercrime authorities immediately.

What to Do If You’ve Been Targeted

• Immediately block your UPI payments via the banking app or by calling your bank’s fraud helpline.
• Report the transaction to your bank and file a complaint under the RBI’s customer grievance redressal system.
• File a complaint with the Cyber Crime Reporting Portal of India at cybercrime.gov.in.
• Call the national cybercrime helpline at 1930 to report the incident and receive guidance.
• Inform your mobile network provider if you suspect SIM swap fraud and get a new SIM issued.
• Change all linked passwords and PINs, including your Aadhaar gateway logins.
• Keep records of all communication and transaction failure notices to assist law enforcement or bank investigations.

Frequently Asked Questions

Q: Can SBI or my bank be forced to refund money lost to scams like this?
Yes, as seen in the recent Rs 1.99 lakh refund case, banks can be held responsible if they fail to follow security protocols or detect fraud in time. RBI guidelines support victims, but prompt reporting is crucial.

Q: How do scammers get my Aadhaar or bank info if I don’t share it?
Scammers use public social media data and leaked databases to personalize attacks, making their phishing messages seem legitimate and persuasive.

Q: What should I do if I receive a fake electricity bill message?
Do not click any links. Instead, verify your electricity bill status by logging into the official utility website or app and report the suspicious message to your bank and cybercrime authorities immediately.

If you receive suspicious payment requests or messages about utility bills, don’t rush. Verify before you act! Visit BharatSecure.app to check the authenticity of messages and learn how to protect yourself from cyber fraud. Stay safe, India!