Fake NCRF Cybersecurity Grant Scam — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated Jun 09, 2026

Severity: High | View Full Scam Details

Beware in 2026: The Fake NCRF Cybersecurity Grant Scam Targeting India’s Small Businesses and Professionals

A new high-risk fraud scheme is duping unsuspecting Indians with fake offers of cybersecurity grants from the “NCRF,” leaving victims vulnerable to financial loss.

What Is the Fake NCRF Cybersecurity Grant Scam?

This scam involves fraudsters impersonating officials from the National Cybersecurity Response Framework (NCRF) or similarly named government-aligned bodies. They contact small business owners, hospital administrators, tech professionals, and others, mostly via WhatsApp and email, promising financial grants or subsidies aimed at improving cybersecurity infrastructure.

The scheme has gained traction in India following recent news of major cybersecurity incidents like the AIIMS cyberattack, which heightened public awareness and anxiety about digital safety. Scammers exploit this context by offering “cybersecurity grants” as urgent, limited-time opportunities. Though the NCRF is a genuine framework aimed at cyber threat response and capacity building, these unsolicited grant offers are not authorized and are part of a widespread fraud pattern reported to cybercrime units across multiple states.

According to public complaints and advisories from Indian cybersecurity bodies like CERT-In and I4C, these fraudulent schemes are increasingly reported, especially targeting those who have recently faced cyber incidents or expressed concern about data breaches. Given the growing use of UPI payments and WhatsApp communication, the scam poses a high risk to individuals and organisations unfamiliar with official government grant application procedures.

How This Scam Works — Step by Step

1. Initial Contact via WhatsApp or Email
   Victims receive a message appearing to be from NCRF or a “Cyber Defense Unit.” The message cites recent cyberattacks in India (e.g., AIIMS) and offers a cybersecurity grant of Rs. 50,000 to Rs. 2,00,000, supposedly to help prevent future breaches.

2. Verification Call From “Officials”
   The caller claims to be an NCRF representative and asks the victim to verify their identity by sharing Aadhaar details or PAN numbers “for eligibility check” and to sign an online document.

3. Sharing UPI or Bank Details
   The victim is asked to provide UPI IDs (e.g., us**@hdfcbank) or bank account numbers to “receive the grant.” Scammers may send fake confirmation links or QR codes that lead to phishing websites.

4. Requests for Advance Payments or “Verification Charges”
   Before disbursing the grant, victims are told to pay small “processing fees” via UPI or bank transfer. Sometimes they are asked to download remote access software under the pretense of document verification.

5. Money Is Stolen; Accounts Are Compromised
   Once access or payment information is provided, the scammers proceed to empty bank accounts via UPI transactions, misuse Aadhaar data, or initiate SIM swap frauds to bypass OTPs and credentials.

6. Victims Often Realize Too Late
   By the time victims detect unauthorized debits or identity misuse, it becomes difficult to reverse transactions or freeze compromised data assets.

Real Warning Signs to Watch For

• Messages or calls from “NCRF” offering unsolicited grants without any prior application.
• Requests to share Aadhaar, PAN card, or bank details upfront.
• Instructions to pay “processing” or “verification” fees before receiving any funding.
• Use of WhatsApp numbers or personal emails instead of official government email domains.
• Links or QR codes leading to suspicious or unsecured websites.
• High pressure tactics mentioning recent cyberattacks or deadlines to create urgency.
• Offers to download software or apps for remote access or document signing.

What Happens to Victims

Victims may lose thousands or lakhs of rupees through unauthorized UPI payments or bank transfers. Fraudsters may also misuse stolen Aadhaar or PAN data for opening fake accounts or loans. In some cases, SIM swap frauds lead to further compromise of mobile banking transactions, making it hard for victims to recover funds.

Beyond financial loss, victims experience stress and helplessness, especially professionals and small business owners already burdened with operational challenges. Some hospitals and clinics targeted by this scam reported disruptions in digital services after realizing their systems were accessed remotely under false pretenses.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has issued multiple warnings cautioning users against sharing sensitive information or making payments to unknown persons promising government grants or subsidies. RBI’s guidelines emphasize never sharing OTPs or PINs.

CERT-In (Indian Computer Emergency Response Team) and I4C’s cybercrime.gov.in portal regularly update advisories on phishing scams and fraudulent schemes exploiting current events. They urge citizens to verify government communications only through official channels and to report cyber fraud promptly.

For suspicious incidents, individuals can call the national cybercrime helpline at 1930 or lodge complaints via the cybercrime.gov.in portal.

How to Protect Yourself

1. Confirm grant offers by directly contacting NCRF or government bodies through official websites before sharing information.
2. Never share Aadhaar, PAN, OTP, UPI PIN, or bank details with unsolicited callers or messages.
3. Avoid paying any advance fees for receiving government grants or subsidies.
4. Do not click on links or scan QR codes from unknown or suspicious sources.
5. Verify WhatsApp message sender numbers with official contacts—government agencies don’t typically use WhatsApp for such sensitive matters.
6. Use two-factor authentication on UPI apps and bank accounts for added security.
7. Keep your mobile number secured; report immediate loss or SIM swap suspicion to your telecom operator.

What to Do If You've Been Targeted

• Immediately contact your bank to freeze or block affected accounts.
• Change all UPI and bank transaction PINs.
• Report the incident to the cybercrime.gov.in portal with specific details.
• Call the 1930 cybercrime helpline for assistance.
• Inform your mobile operator if a SIM swap is suspected.
• File a police complaint at your local cybercrime cell with screenshots and transaction evidence.
• Monitor financial statements and credit for any unauthorized activity.

Frequently Asked Questions

Q: Can the NCRF really offer cybersecurity grants directly by WhatsApp or calls?
No, official government grants are processed through formal online portals or authorised agencies. NCRF does not solicit sensitive data or payments through WhatsApp or phone calls.

Q: What if I shared my Aadhaar or bank details already?
Immediately alert your bank and consider Aadhaar and PAN data monitoring services or lock options. The sooner you act to block transactions, the better your chances to prevent loss.

Q: How can I verify if a message about a grant is legitimate?
Visit the official NCRF or Ministry of Electronics and IT websites for announcements. Do not trust unsolicited messages or calls—always cross-check through official channels.

For any suspicious messages or calls, double-check their legitimacy at BharatSecure.app and report all cyber fraud attempts to the 1930 helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.