Paytm KYC Expired SMS Phishing Scam — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated Jun 08, 2026

Severity: Critical | View Full Scam Details

Beware the Paytm KYC Expired SMS Phishing Scam in India — 2026 Warning for UPI and Digital Wallet Users

A critical new phishing scam targets Paytm users with fake SMS alerts claiming their KYC has expired, risking your money and data.

What Is the Paytm KYC Expired SMS Phishing Scam?

The Paytm KYC Expired SMS Phishing Scam is an emerging cyber fraud in India where fraudsters impersonate Paytm to trick users into sharing sensitive information or authorizing fraudulent transactions. It specifically targets Paytm customers — a large group given Paytm's widespread use for UPI payments, mobile recharges, utility bills, and shopping.

This scam exploits the mandatory Know Your Customer (KYC) rules enforced by the Reserve Bank of India (RBI), which digital wallets including Paytm require users to complete for full service access. Fraudsters send alarming SMS messages claiming that the victim’s KYC is expired or needs urgent renewal, prompting hasty action. With millions of active digital wallet users across India, such scams have become disturbingly common.

The Indian Computer Emergency Response Team (CERT-In) and the Indian Cyber Crime Coordination Centre (I4C) have issued regular advisories reminding users to verify any KYC-related communication directly through official apps or websites. The RBI has also emphasized protecting customer credentials and strictly warns against sharing OTPs, UPI PINs, or Aadhaar details over phone or SMS.

How This Scam Works — Step by Step

1. Targeted SMS Received: Users receive an SMS that appears to be from Paytm, mentioning urgent KYC expiry or failure to verify details. The message may include a suspicious link or ask the user to reply with personal data.

2. Forced Sense of Urgency: The message warns of account blockage, transaction suspension, or restriction on wallet credits unless immediate action is taken.

3. Phishing Website or Call: If the user clicks the link, they are directed to a fraudulent website closely mimicking Paytm’s design, asking to fill in Aadhaar number, PAN, bank details, or UPI PIN. Alternatively, the SMS may request an immediate callback where a caller posing as Paytm support seeks sensitive data.

4. Data Capture and Account Takeover: The victim unknowingly shares OTPs, passwords, or UPI PINs, allowing fraudsters to access the wallet, complete unauthorized UPI transactions, or hijack linked bank accounts.

5. Fund Withdrawal or Fraudulent Transactions: Scam operators quickly transfer money to mule accounts or conduct multiple micro-transactions using UPI apps before the victim notices.

6. Delayed Detection: Victims often only realize the scam after seeing unexpected debits or transaction alerts, by which time substantial financial loss may have occurred.

Real Warning Signs to Watch For

• SMS sender ID looks unusual or contains misspellings (e.g., “Paytmm” or a random number).
• The message contains links starting with “http” rather than official “https” URLs.
• Demand for confidential information like OTP, UPI PIN, Aadhaar number, or bank details over SMS or call.
• Pressure to act immediately with threats of account suspension or blocking.
• Messages or calls originate from unknown phone numbers or unverified email addresses.
• Poor grammar or spelling errors in the SMS content.
• Requests to download apps or click on links outside official app stores.

What Happens to Victims

Victims can suffer severe financial and emotional consequences from this scam. Financially, unauthorized UPI payments can drain linked bank accounts with little recourse. Due to UPI’s near-instant settlement, reversal of fraudulent transactions is challenging. Victims may also face SIM swap fraud if scammers use stolen identity data, leading to further breaches such as Aadhaar misuse or fraud in other linked accounts.

Emotionally, victims often feel violated and helpless, with trust in digital payments shaken. The hassle of reporting, freezing accounts, and recovering funds causes stress, especially for less tech-savvy users or seniors. Losses can range from a few thousand rupees to lakhs, severely impacting everyday life.

What RBI and CERT-In Say

The Reserve Bank of India mandates that banks and digital payment providers must ensure customer data safety and strictly prohibit sharing of sensitive credentials. RBI advises customers against sharing OTPs, PINs, passwords, or confidential KYC details with anyone, including callers claiming to be from the bank or wallet provider.

CERT-In, India’s cyber emergency response team, regularly issues alerts about phishing and digital payment frauds, recommending verification through official apps or helplines before acting on any suspicious messages. The Indian Cyber Crime Coordination Centre’s (I4C) helpline 1930 is specifically available for cybercrime complaints including UPI-related frauds.

Users are urged to report any such phishing attempts immediately to their wallet’s official support, bank, CERT-In, and through cybercrime.gov.in to aid in tracking scams and protecting others.

How to Protect Yourself

1. Never click on links or download attachments received in unexpected SMS or emails about KYC or payments.
2. Verify all KYC or account-related alerts directly by logging into the official Paytm app or website independently.
3. Do not share OTPs, UPI PINs, passwords, Aadhaar or PAN details over phone calls or SMS.
4. Enable multi-factor authentication (MFA) on your Paytm and bank accounts for extra security.
5. Regularly monitor your bank and wallet transaction history for suspicious activity.
6. Block suspicious numbers and report phishing SMS to your mobile service provider by forwarding the message to 1909.
7. Update your phone’s operating system and apps to reduce vulnerability to malware.

What to Do If You’ve Been Targeted

1. Immediately block your Paytm wallet and bank accounts via official apps or customer support.
2. File a complaint on cybercrime.gov.in or call the National Cyber Crime Helpline at 1930.
3. Inform your bank about unauthorized UPI transactions and request to freeze related accounts or blocks.
4. Change all relevant passwords, PINs, and enable new security features.
5. Report the scam to Paytm’s official customer care and follow their guidance for KYC re-verification.
6. Notify your mobile service provider if you suspect SIM swap or phone security compromise.
7. Document all communications and transactions related to the scam for police reporting and future reference.

Frequently Asked Questions

Q: Can Paytm ask for KYC details via SMS or phone?
No. Paytm does not request sensitive KYC information, OTPs, or UPI PINs via SMS or phone calls. All KYC updates should only be done through the official app or website.

Q: What if I clicked the phishing link but did not share any details?
Immediately clear your browser cache, run antivirus scans on your phone, and monitor your accounts closely. Avoid entering any personal information if asked afterward.

Q: How quickly can I get my money back if I fall victim to this scam?
Reversals depend on bank policies and when you report the fraud. The RBI’s guidelines require banks to resolve complaints timely, but prevention is crucial since many scam transactions are irreversible.

Stay alert and verify all suspicious messages before acting. Visit BharatSecure.app to learn how to identify fake SMS and report frauds. If you receive a suspicious Paytm KYC message, do not ignore it—call 1930 to report the attempt.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.