Silent Ransom Group Impersonating IT Personnel Through Social Engineering — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team
Severity: CRITICAL
Beware in 2026: Silent Ransom Group Impersonating IT Personnel Scam in India
A new phishing threat in India known as the Silent Ransom Group targets people by impersonating IT staff to steal money and sensitive data.
What Is the Silent Ransom Group Impersonating IT Personnel Through Social Engineering?
This scam involves fraudsters pretending to be IT support personnel from well-known companies or government offices. They contact victims via phone calls, WhatsApp messages, or emails, claiming to resolve urgent technical problems or security issues. In many cases reported to police, the callers convince targets to share OTPs, Aadhaar details, or UPI PINs, often under the guise of enabling "remote assistance" or fixing security breaches.
The scam focuses on Indian internet users and employees working remotely who may already be wary of cyber risks, yet get trapped by the scammers' convincing social engineering tactics. The Silent Ransom Group is reportedly growing in reach, with multiple complaints registered across states including Maharashtra, Karnataka, and Delhi.
Official bodies like the Indian Computer Emergency Response Team (CERT-In) and the Indian Cyber Crime Coordination Centre (I4C) have issued general advisories warning about impersonation scams targeting IT personnel credentials and urging vigilance. The Reserve Bank of India (RBI) has reminded users not to share UPI details or OTPs with anyone, especially through unsolicited calls or messages.
How This Scam Works — Step by Step
Initial Contact: The victim receives a phone call or WhatsApp message from a number posing as IT support, often claiming to be from their company’s IT department or a government agency.
Establish Trust: The caller explains an urgent issue, such as a malware infection, account compromise, or Aadhaar linking problem, pressing the victim to act fast.
Request for Access: The scammer asks the victim to install a remote access app or share sensitive information like Aadhaar number, OTPs, or UPI PIN under the pretext of “verifying” or “securing” their accounts.
Financial Theft Begins: With the acquired details and access, the fraudsters transfer money through UPI apps or auto-debit banking apps, or even misuse Aadhaar to fraudulently request services or loans.
Silencing the Victim: In some cases, the scammers threaten legal action or warn the victim against disclosing the call, discouraging them from reporting the incident promptly.
Real Warning Signs to Watch For
- Unexpected calls or messages claiming to be from IT staff or government agencies.
- Pressure tactics demanding immediate action or sharing of OTPs, UPI PINs, or Aadhaar numbers.
- Requests to install remote access software or apps from unofficial sources.
- Offers to “help” fix technical problems without independent verification.
- Callers who refuse to provide verifiable contact details or official email IDs.
- Threats or scare tactics about legal consequences or account suspension.
- Unsolicited messages containing links or QR codes to “update” information.
What Happens to Victims
Victims often suffer immediate financial loss as scammers drain UPI wallets or bank accounts. Because UPI transactions are fast and irreversible, victims may find it difficult to recover money, even after reporting. Apart from money loss, the emotional distress is significant — victims feel betrayed, scared, and embarrassed.
In some cases, Aadhaar details captured are misused to open fake SIM cards through SIM swap fraud, causing extended identity theft problems. Victims must then deal with unauthorized loans or services taken in their name, a complex and time-consuming process to resolve. The damage often affects credit scores and bank relationships due to fraudulent transactions, making normal financial activities cumbersome.
What RBI and CERT-In Say
The Reserve Bank of India explicitly warns against sharing OTPs, UPI PINs, or bank details over calls or WhatsApp messages, emphasizing that no bank or government agency will ever ask for this information unsolicited.
CERT-In advises users to verify the identity of callers claiming to be IT personnel by contacting official numbers, and to avoid installing unknown remote access tools. It also stresses the importance of updating device security and immediately reporting suspicious activity to cybercrime authorities.
For assistance, victims can call the national cybercrime helpline at 1930 or the RBI helpline at 14567 to register complaints and seek help for financial frauds.
How to Protect Yourself
- Never share OTPs, UPI PINs, Aadhaar details, or passwords with unsolicited callers or messages.
- Verify caller identity by contacting your company IT department or the official agency directly using known contact numbers.
- Do not install remote access apps sent via messages from unknown sources.
- Use UPI apps’ built-in security features like biometric authentication and transaction limits.
- Regularly update your phone’s OS and installed apps to patch security vulnerabilities.
- Register your mobile number with the Do Not Disturb (DND) registry to reduce spam calls.
- If asked for Aadhaar info, double-check with UIDAI’s official portals before sharing any details.
What to Do If You've Been Targeted
- Immediately block and record the scammer's phone number or WhatsApp ID.
- Contact your bank or UPI service provider to freeze or restrict transactions.
- Change passwords and disable remote access apps you might have installed.
- Report the incident on the official cybercrime portal at cybercrime.gov.in.
- Call the national cybercrime helpline at 1930 for guidance on next steps.
- Inform your telecom provider if you suspect SIM swap or misuse.
- Consider filing a police complaint with a detailed description of the scam.
Frequently Asked Questions
Q: Can banks recover money lost due to this scam?
A: Generally, UPI and online banking transactions are irreversible once completed. RBI advises immediate reporting to banks and cybercrime authorities to increase chances of recovery, but success is not guaranteed.
Q: How can I verify if a call is truly from my IT department?
A: Hang up and contact your company’s official IT helpdesk number listed on internal portals or websites. Do not use numbers provided in the suspicious call or message.
Q: What if I accidentally installed a remote access app during the call?
A: Uninstall the app immediately, reset your phone if possible, change all related passwords, and notify your bank and cybercrime helpline promptly.
For any suspicious messages or calls, always verify at BharatSecure.app and report fraud immediately via the national cybercrime helpline at 1930.
Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.