International cyber agencies share fresh advice to defend against China-linked covert networks — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated Jun 10, 2026

Severity: Critical | View Full Scam Details

New Phishing Threat in 2026: India Faces Rising Risks from China-Linked Covert Cyber Networks

A critical phishing scam tied to China-linked covert cyber networks is targeting Indian citizens and businesses, with international cyber agencies issuing fresh warnings to stay alert.

What Is the International Cyber Agencies' Warning About China-Linked Covert Networks?

In 2026, Indian internet users and organisations are increasingly under threat from sophisticated phishing campaigns linked to covert cyber networks reportedly connected to actors based in China. Several international cybersecurity agencies have recently shared updated advice highlighting the scale and severity of these attacks, calling them a critical risk to individuals and critical infrastructure. According to reports, these campaigns aim to steal sensitive financial data and breach secure systems, often targeting Indian banking customers and government employees.

The scam primarily focuses on phishing through emails, SMS, and even voice calls that impersonate trusted entities, including banks regulated by the Reserve Bank of India (RBI) and government departments monitored by CERT-In. Citizens have reported receiving fraudulent OTP requests and fake messages appearing to come from UPI platforms or Aadhaar-related services, aiming to trick victims into revealing login credentials or sharing UPI PINs. The Indian government’s cybercrime coordination centre, I4C, has also noted a rise in such attempts across various states, urging vigilance.

While no large-scale losses have been publicly confirmed, the risk score assigned by cybersecurity experts rates this threat as 9 out of 10, highlighting not only the financial dangers but also the challenge in detecting these covert phishing attempts given their evolving techniques.

How This Scam Works — Step by Step

1. Initial Contact Via SMS or Email: A victim receives a message or email appearing to be from a reputed Indian bank or a government portal like UIDAI (Aadhaar), often with urgent language prompting immediate action.
2. Fake Link or Attachment: The message contains a link resembling official UPI or bank websites, or an attachment claiming to be a security update or pending document.
3. Phishing Site or Malicious Software: Clicking the link takes the victim to a cloned website or prompts installation of malware designed to steal saved passwords, UPI credentials, or mobile OTPs.
4. Request for Sensitive Information: The victim is asked to enter confidential information such as UPI PIN, Aadhaar details, or OTPs sent to their phone, under the guise of verification or fraud prevention.
5. Account Takeover or Financial Theft: Using the collected data, fraudsters initiate unauthorized transactions via UPI apps, perform SIM swap attacks to intercept OTPs, or access linked bank accounts.
6. Covering Tracks: The scam network uses proxy servers and anonymized tools to avoid detection, making tracing difficult for Indian enforcement agencies.

These steps repeat across thousands of targets, exploiting the high penetration of digital payments and Aadhaar-linked services in India.

Real Warning Signs to Watch For

• Urgent or threatening language asking for immediate verification or payment
• Messages from unofficial or unusual phone numbers like 98XXXXXX12, even if mimicking official sender IDs
• Links that don’t exactly match bank or government URLs but appear similar (e.g., us**@bank replaced with us__@bank with extra characters)
• Requests for UPI PIN, OTP, or Aadhaar number sharing via SMS, WhatsApp, or phone call
• Unexpected attachments or apps asking for permissions to access contacts or SMS
• Voice calls claiming to be from RBI or CERT-In but refusing to provide employee ID or official confirmation
• Any communication that discourages verifying the request independently or threatens loss of access/funds

What Happens to Victims

Victims often face severe financial losses when unauthorized UPI transactions drain their bank accounts, sometimes leaving balances in negative or causing bounced payments. Despite RBI rules allowing limited reversal of UPI transactions, many complain that recovery is difficult once credentials are compromised. Emotional distress is also high as victims deal with identity misuse, including Aadhaar cloning for fraudulent KYC, causing long-term issues with loan applications or credit scores.

In some cases, SIM swap fraud allows scammers to intercept OTPs for other services, escalating the damage well beyond banking — including loss of access to email and social media accounts. The financial burden, along with the time and effort to resolve these issues through police and cybercrime cells, adds to the victim's trauma.

What RBI and CERT-In Say

The Reserve Bank of India regularly advises users to never share UPI PINs or OTPs with anyone, even if called by purported bank officials. CERT-In has released multiple alerts pointing out the dangers of phishing campaigns and recommended keeping devices updated with security patches.

India’s Ministry of Home Affairs runs the Indian Cyber Crime Coordination Centre (I4C), which urges citizens to verify suspicious messages or calls by contacting official helplines. The 1930 cybercrime helpline is a key resource for victims needing immediate assistance. RBI helpline numbers also provide guidance on banking fraud-related complaints.

These agencies recommend raising complaints on the official portal (cybercrime.gov.in) for faster investigation and preventive action.

How to Protect Yourself

1. Verify message sources: Always check sender details carefully. Use official bank and government websites to verify contact info.
2. Avoid clicking on unsolicited links or downloading attachments: Especially from unexpected SMS, emails, or WhatsApp numbers.
3. Never share UPI PINs, OTPs, or Aadhaar details over phone or messages: Official agencies and banks never ask for these inputs.
4. Enable two-factor authentication (2FA): On banking apps and email accounts wherever possible.
5. Regularly update your device: Install updates for phone OS and trusted security apps recommended by CERT-In.
6. Use official apps for payments: Avoid third-party links; download UPI and Aadhaar apps only from Google Play Store or Apple App Store.
7. Register for phone number verification offers with your telecom provider: This helps protect against SIM swap fraud.

What to Do If You've Been Targeted

• Immediately contact your bank’s customer care and request to block or freeze your payment accounts or UPI handles.
• Report the incident to your mobile operator to block your SIM and prevent further misuse.
• File a complaint online at cybercrime.gov.in describing the phishing attempt and any losses.
• Call the 1930 cybercrime helpline for expert assistance.
• Inform RBI helpline about any financial frauds for initiating dispute resolution.
• Change all related passwords and PINs across financial and email accounts.
• Keep records of all communications, transactions, and complaint IDs for follow-up.

Frequently Asked Questions

Q: How do I know if a UPI transaction was unauthorized due to phishing?
A: Check your bank statement for payments you did not authorize. If the transaction matches the time of responding to a suspicious message or call, it may be linked to phishing. Contact your bank immediately to report and block further transfers.

Q: Can RBI reverse a fraudulent UPI transaction?
A: RBI guidelines allow limited reversals of UPI payments if the victim reports promptly. However, successful reversal depends on the responsiveness of the beneficiary bank and proof of fraud.

Q: What should I do if I receive a call claiming to be from CERT-In asking for my Aadhaar details?
A: Do not share any sensitive information. End the call and contact CERT-In’s official numbers or the 1930 cybercrime helpline to verify the request.

To protect yourself from phishing and other scams, always verify suspicious messages or calls at BharatSecure.app and report fraud promptly to the 1930 helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.