Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team

Severity: HIGH


Beware! Iran-Linked Phishing Attacks Targeting India: Stay Safe in 2026

Phishing attacks linked to Iran are on the rise, posing significant cyber risks to individuals and organisations in India. This updated alert details what you need to know.

What Is the Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)?

This specific threat refers to a wave of sophisticated phishing attacks believed to be orchestrated by groups potentially linked to Iran. These attacks are not random; they are often targeted, meaning that specific individuals or organisations are deliberately chosen as victims. The attacks aim to steal sensitive information like login credentials (usernames and passwords), financial details (bank account numbers, credit card information), or personal data (Aadhaar details, PAN card information).

In India, these attacks could manifest as emails, SMS messages, or even WhatsApp messages designed to look like official communication from government agencies, banks, or popular online services. The attackers may impersonate entities like the Income Tax Department, RBI, SBI, HDFC Bank, or even UPI payment providers like PhonePe or Google Pay. They exploit current events or anxieties to lure victims into clicking malicious links or downloading infected attachments. While there haven’t been specific large-scale advisories directly referencing Iran-linked attacks targeted at individuals, both CERT-In (the Indian Computer Emergency Response Team) and RBI regularly issue warnings about phishing and other online scams that use similar techniques.

How This Scam Works — Step by Step

Here's a typical scenario of how these phishing attacks unfold:

  1. Initial Contact: You receive an email, SMS, or WhatsApp message. The message is crafted to create a sense of urgency or fear. For example, it might claim:
    • "Your bank account has been compromised! Click here to verify your details."
    • "Your Aadhaar card needs immediate update."
    • "You have won a lottery! Claim your prize now."
    • "Urgent payment request. Pay immediately to avoid late fees."
  2. Fake Website/Form: The link in the message redirects you to a website that looks very similar to the official website of the impersonated organization (e.g., your bank's website). This is a fake website designed to steal your information. Alternatively, the attackers embed a form in the email itself.
  3. Information Capture: You are asked to enter your personal information, such as your username, password, bank account number, credit card details, OTP (One-Time Password), Aadhaar number, or PAN card details.
  4. Information Theft: Once you submit the information, it is immediately sent to the attackers.
  5. Account Takeover/Fraud: The attackers then use this stolen information to access your accounts, make fraudulent transactions, steal your identity, or commit other financial crimes. They may use your UPI credentials to transfer money from your bank account, apply for loans in your name using stolen KYC details, or sell your personal information on the dark web.

Real Warning Signs to Watch For

What Happens to Victims

The consequences of falling victim to these phishing attacks can be severe. Financially, victims may lose significant amounts of money due to fraudulent transactions from their bank accounts or credit cards. They may also face identity theft, where their personal information is used to open fake accounts, apply for loans, or commit other crimes. Emotionally, victims often experience stress, anxiety, and a feeling of violation. Reversing fraudulent UPI transactions can be challenging, and dealing with the aftermath of identity theft can be a lengthy and complicated process. Moreover, misuse of Aadhaar alongside sensitive information can lead to severe security issues. SIM swapping fraud, triggered by leaked PII, also worsens the situation.

What RBI and CERT-In Say

RBI regularly runs public awareness campaigns through various channels, advising customers to be cautious of phishing attacks, never share their PINs or OTPs, and report any suspicious activity to their banks immediately. CERT-In also issues advisories about ongoing cyber threats and provides guidelines on how to protect yourself. Although specific Iran-linked individual cases might not be cited directly, their general warnings on phishing, vishing (voice phishing), and smishing (SMS phishing) are highly relevant. You can often find these alerts on the websites of major Indian banks as well. Both RBI and CERT-In emphasise reporting incidents to the national cybercrime reporting portal. The RBI also provides a banking ombudsman scheme to address unresolved complaints against regulated entities.

How to Protect Yourself

  1. Be Skeptical: Treat all unsolicited emails, SMS messages, and WhatsApp messages with caution, especially those asking for personal information or promising rewards.
  2. Verify the Sender: Independently verify the sender's identity by contacting the organization directly through their official website or phone number. Do not use the contact information provided in the suspicious message.
  3. Never Share Sensitive Information: Never share your username, password, bank account number, credit card details, OTP, Aadhaar number, PAN card details, or UPI PIN with anyone online or over the phone.
  4. Use Strong, Unique Passwords: Use strong, unique passwords for all your online accounts and enable two-factor authentication (2FA) wherever possible.
  5. Keep Your Software Updated: Keep your operating system, web browser, and antivirus software updated to protect against known vulnerabilities.
  6. Beware of Suspicious Links: Avoid clicking on links or downloading attachments from suspicious emails or messages. Always check the URL before clicking.
  7. Enable UPI Security Features: Use UPI security features like transaction limits and UPI PIN protection to prevent unauthorized transactions.

What to Do If You've Been Targeted

  1. Report Immediately: Report the incident right away to the National Cyber Crime Reporting Portal (cybercrime.gov.in) and your local police station.
  2. Call the Cybercrime Helpline: Contact the cybercrime helpline at 1930.
  3. Freeze Your Accounts: Contact your bank and other financial institutions to freeze your accounts and change your passwords.
  4. Change Passwords: Change passwords for all your online accounts, especially those that may have been compromised.
  5. Monitor Your Credit Report: Monitor your credit report for any unauthorized activity.
  6. Report to the Organization: If the phishing attack impersonated a specific organization, report the incident to them.
  7. File a Complaint: File a formal written complaint with your bank/financial institution detailing the fraud. This is necessary for insurance claims and further investigation.

Frequently Asked Questions

Q: How can I tell if a website is fake?

A: Look for the "lock" icon in the address bar, indicating a secure connection (HTTPS). Check the website's URL carefully for misspellings or variations in the domain name. Also, examine the website's design and content for inconsistencies or unprofessional appearance.
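
Added example (not part of the original brief and not BharatSecure's own tooling): a small Python check that automates the URL inspection described in this answer and in "Beware of Suspicious Links" above. It flags misspelled or embedded official names even when the link uses HTTPS, since the lock icon alone does not make a look-alike host genuine. The allowlist is an assumption: cybercrime.gov.in is the portal named on this page, and examplebank.example is a hypothetical bank domain.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader already trusts. cybercrime.gov.in is named on
# this page; examplebank.example is a hypothetical placeholder for a bank.
OFFICIAL = {"cybercrime.gov.in", "examplebank.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'official', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "suspicious", "no host in URL"
    if "@" in parts.netloc:
        # Everything before '@' is user info, not the site being visited.
        return "suspicious", "text before '@' is not the host; real host is " + host
    if any(label.startswith("xn--") for label in host.split(".")):
        # Flag for manual review: punycode can render as look-alike characters.
        return "suspicious", "punycode label in host"
    for dom in OFFICIAL:
        if host == dom or host.endswith("." + dom):
            if parts.scheme != "https":
                return "suspicious", "official domain but not HTTPS"
            return "official", dom
    for dom in OFFICIAL:
        # Official name buried inside a host that belongs to someone else.
        if dom in host:
            return "suspicious", f"'{dom}' appears inside unrelated host {host}"
        # Compare the same number of trailing labels to spot misspellings.
        tail = ".".join(host.split(".")[-len(dom.split(".")):])
        if 0 < edit_distance(tail, dom) <= 2:
            return "suspicious", f"{tail} is a near-miss of {dom}"
    return "unknown", "not on the allowlist; verify through an independent channel"
```

An "unknown" verdict is not a clean bill of health; it only means the host resembles nothing on the allowlist, so the sender still needs to be verified through an official channel.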

Q: What should I do if I accidentally clicked on a phishing link but didn't enter any information?

A: Run a full scan of your computer with a reputable antivirus program. Change your passwords for all your important online accounts, especially your email and banking accounts. Be extra vigilant for suspicious emails or messages in the coming days.

Q: What if I accidentally disclosed my UPI PIN in a phishing attack?

A: Immediately contact your bank to block your UPI account and change your UPI PIN. You should also report the incident to the cybercrime helpline and register a complaint on the National Cyber Crime Reporting Portal.

Remember to stay vigilant and verify any suspicious messages you receive. Protect yourself from fraud by checking message authenticity on BharatSecure.app before it's too late!
