Two duped of 43.4L in e-fraud — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Severity: HIGH | View Full Scam Details

Two Duped of ₹43.4 Lakh in E-Fraud Scam in India 2026: How Phishing on WhatsApp and Social Media Leads to Massive Losses

Millions of Indians face the risk of losing lakhs due to sophisticated phishing scams that exploit trust on social media and messaging apps.

What Is the Two Duped of ₹43.4 Lakh in E-Fraud?

In early 2026, two individuals in Kolkata fell victim to a highly sophisticated phishing scam, resulting in a staggering combined loss of ₹43.4 lakh. This scam highlights how fraudsters are increasingly targeting ordinary citizens via popular platforms like WhatsApp and Facebook to trick them into giving away sensitive financial information.

Phishing scams in India are on the rise, especially those that prey on trust built through social media and messaging apps. Scammers impersonate friends, family, or even official customer service representatives to lure victims into divulging One-Time Passwords (OTPs), UPI PINs, or Aadhaar-linked details. With India’s growing digital payment ecosystem—UPI transactions crossing thousands of crores daily—attackers see abundant opportunity in this landscape.

The Indian government takes these threats seriously. Bodies like RBI, CERT-In, and the Indian Cyber Crime Coordination Centre (I4C) regularly issue advisories cautioning citizens about phishing attacks targeting UPI payments and Aadhaar-linked services. Despite awareness efforts, the use of urgency and fear tactics continues to trap many unsuspecting users.

How This Scam Works — Step by Step

Phishing scams like the Kolkata case typically follow this clear pattern:

1. Initial Contact on WhatsApp or Social Media: The scammer sends a message pretending to be a trusted contact, a bank representative, or a government official. This message may claim there is suspicious activity on your account or a need for immediate verification.

2. Building Trust Quickly: To gain credibility, the fraudster may use fake profile pictures, mimic official language, or even hack a friend’s account to message on their behalf.

3. Creating Panic or Urgency: They warn of fund seizures, failed transactions, or Aadhaar verification failures—scenarios designed to scare you into acting fast without thinking.

4. Request for Sensitive Information: The scammer asks for OTPs, UPI PINs, or Aadhaar details under the guise of “verifying” your account or “reactivating” blocked services.

5. Instructing to Install Harmful Apps or Links: Sometimes, the victim is tricked into installing fake banking apps or clicking malicious URLs, which steal login credentials and allow the scammer access.

6. Transfer of Funds Without Consent: Using the information obtained, the fraudster initiates unauthorized UPI or net banking transfers, draining money from the victim’s account.

7. Vanishing Without a Trace: Once the money is transferred, scammers block the victim and erase evidence, making recovery difficult.

Real Warning Signs to Watch For

• Unsolicited messages claiming urgent action needed on your bank or Aadhaar account.
• Requests to share OTPs, PINs, or Aadhaar details via chat or call.
• Pressure to act immediately to avoid fund seizure or account suspension.
• Messages from unknown numbers or profiles with minimal contacts or activity.
• Links that redirect to non-official banking or UIDAI websites.
• Inconsistent or poor Hindi/English language in supposedly official communication.
• Requests to download apps outside legitimate app stores or install APK files.

What Happens to Victims

Victims of such phishing scams in India face severe financial damage and emotional distress. Losing lakhs can be devastating, especially for salaried individuals or small business owners who rely on digital payments for daily transactions. Since UPI transactions are instantaneous and usually irreversible, it’s extremely hard to recover lost funds once transferred.

Beyond money, victims often suffer from anxiety, loss of trust in digital payments, and embarrassment, which sometimes delay reporting the scam. The misuse of Aadhaar details can lead to identity theft, further complicating financial recovery and credit histories.

In many cases, victims also experience SIM swap frauds afterward, where scammers take control of their mobile numbers to bypass two-factor authentication and cause deeper breaches.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) regularly warns users to never share OTPs or UPI PINs with anyone, even if they claim to be bank officials. RBI’s framework insists that banks implement two-factor authentication and keeps urging customers to verify communication channels.

CERT-In, India’s cybersecurity incident response team, advises citizens to be skeptical of unsolicited calls or messages asking for personal financial details. They emphasize downloading apps only from official sources like Google Play Store and Apple App Store.

The 24x7 National Cyber Crime Helpline (phone number 1930) and the RBI customer grievance number are official avenues to report such frauds immediately. The Indian Cyber Crime Coordination Centre (I4C) also coordinates investigations against digital fraud.

How to Protect Yourself

1. Never share OTPs, UPI PINs, or Aadhaar details on calls or WhatsApp messages, even from ‘official’ numbers.
2. Verify unexpected messages by calling your bank or the official helpline separately before taking action.
3. Check sender profiles carefully – spoofed accounts often have few contacts or suspicious details.
4. Avoid clicking on links or downloading apps sent via unsolicited messages.
5. Set transaction limits on your UPI and net banking accounts to minimize losses.
6. Enable biometric lock on your banking apps for additional security.
7. Regularly update your mobile phone’s OS and banking apps to patch vulnerabilities.

What to Do If You’ve Been Targeted

1. Immediately block your bank cards and UPI apps through your bank’s customer service.
2. File a complaint with your bank and request transaction reversal if possible.
3. Report the scam to the National Cyber Crime Helpline at 1930 or online at cybercrime.gov.in.
4. Inform your mobile operator if you suspect SIM swap or compromise.
5. Change all related passwords and PINs promptly.
6. Keep screenshots and evidence of communications handy for filing FIR or police reports.
7. Report the incident to CERT-In or I4C if guided by law enforcement.

Frequently Asked Questions

Q: Can I get back the money lost through a phishing UPI transaction?
A: Due to the instantaneous nature of UPI, fund reversals are difficult but not impossible. Report immediately to your bank and cybercrime authorities. RBI mandates banks to respond swiftly to complaints, but prevention is always better.

Q: How can I verify if a WhatsApp message claiming to be from my bank is real?
A: Never trust links or requests for OTPs in WhatsApp messages. Call your bank on the official helpline number or check their verified website for any alerts or messages.

Q: Is it safe to share Aadhaar details online?
A: Aadhaar details should only be shared on official government platforms and only when necessary. Avoid sharing your Aadhaar or OTPs over chat platforms or phone calls to strangers.

Protect yourself in 2026 by staying alert and cautious. If you ever receive suspicious messages or calls asking for your banking information, don’t rush to respond. Verify first! You can always check suspicious messages for fraud risks on BharatSecure.app — India’s trusted platform for digital fraud awareness and prevention. Stay safe, stay informed!