What to do if I shared my OTP in a UPI scam?

Immediately contact your bank's helpline (e.g., SBI 1800-11-1109, HDFC 1800-202-6161) to inform them about the incident and block further transactions.

How can I identify an Aadhaar and UPI verification scam?

Look for signs such as unsolicited calls asking for sensitive information, urgency in their tone, or unfamiliar caller IDs. Legitimate organizations never ask for personal details this way.

How to report this type of scam in India?

You can report online at cybercrime.gov.in or call the cybercrime helpline at 1930. Additionally, inform your bank about the fraudulent activity.

How to recover money or protect my accounts after being scammed?

Contact your bank immediately to block your account and prevent further transactions. Monitor your bank statements, and consider changing passwords for added protection.

Aadhaar and UPI 'Verification' Remote Access Scam

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI, WhatsApp, KYC

How Aadhaar and UPI 'Verification' Remote Access Scam Works

Overview: This widespread fraud targets Indian citizens by leveraging the growing reliance on Aadhaar and UPI for digital services. Fraudsters claim there’s an urgent need to verify or update your Aadhaar or UPI details to prevent service suspension. They exploit confusion around digital KYC, tricking victims into sharing personal data or granting remote access to devices, leading to theft of money or sensitive info. How It Works: Scammers phone or message the victim, impersonating staff from the UIDAI, local bank, or payment app (like Paytm, Google Pay). They say your Aadhaar or UPI will soon be blocked unless you quickly update verification. They instruct victims to share an OTP, click a 'verification link,' or download an app for remote assistance. Under cover of helping, they steal credentials, transfer funds, or harvest data. Sometimes, they show fake verification pages, warning that failure to comply will freeze your account. India Angle: Large-scale targeting occurs in Hindi, Bengali, and local languages, with special focus on elderly and non-urban populations. The scam can affect anyone, but those new to digital payments or in semi-urban/rural regions are most vulnerable. Real Examples: A homemaker in Uttar Pradesh received a WhatsApp voice call: 'Dear customer, your Aadhaar KYC will expire. Please share your OTP to update.' After sharing, her UPI wallet was drained by ₹28,000. Another victim in Kolkata received

How This Scam Works — Detailed Explanation

Scammers often target potential victims through various channels including unsolicited phone calls, WhatsApp messages, and even by leveraging social media platforms. They may acquire phone numbers from databases sold on the dark web or through phishing attacks. Oddly enough, they also utilize credible-looking caller IDs that resemble legitimate organizations such as banks or government offices. Once they have your number, the scam begins with a message or call seemingly from the Unique Identification Authority of India (UIDAI) or your bank. The message typically includes alarming language, claiming that your Aadhaar or UPI account is at risk due to outdated information and that immediate verification is required to prevent suspension of services.

To manipulate the victims, scammers use several psychological tactics that instill fear and urgency. They may state that failing to take urgent action could result in losing access to financial services, which is a genuine concern for most people habitually using UPI for transactions. They often employ phrases such as, "Your Aadhaar verification is due; please confirm your details immediately". The conversation often leads to sharing sensitive information or granting remote access to their devices under the guise of helping them update details. Scammers often mention fictitious “security procedures” that further play into the victim's fear of financial loss.

Once victims trust the scammers enough to share their details, the scam rolls into high gear. For instance, a victim might receive a call from someone impersonating their bank’s helpline (e.g., SBI or HDFC). The scammer might instruct them to download a remote access application, claiming it’s for safeguarding their UPI transactions. Once remote access is granted, scammers can easily siphon funds from linked bank accounts, often amounting to thousands of rupees. Victims have reported losses in excess of ₹20 crore collectively from various remote access scams in India in recent months. Many individuals remain unaware that providing access to their devices—even for seemingly legitimate verification—can allow criminals to carry out transactions without their consent.

The financial and emotional toll on victims can be severe, not only resulting in monetary loss but also leading to feelings of shame and violation. The Ministry of Home Affairs has heightened awareness around these scams and initiated campaigns through various organizations like CERT-In to educate the public. Despite these efforts, many people still fall victim. According to recent CERT-In advisories, incidents of financial fraud targeting Aadhaar and UPI users have surged, prompting government agencies to enhance guidelines aiming to fortify users’ defenses against such scams.

In distinguishing this scam from legitimate communications, it is crucial to note that credible institutions never ask for sensitive information via calls or unsolicited messages. Alerting indicators include poor grammar, unfamiliar phone numbers, or requests for remote access. If such communication occurs, it's wiser to directly verify with your bank's official helpline rather than engage with the suspected scammers. Always remember that your personal and banking information should never be shared with anyone who contacts you first or through unofficial channels.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Aadhaar and UPI 'Verification' Remote Access Scam Target?

General public across India

What To Do If You Encounter Aadhaar and UPI 'Verification' Remote Access Scam

Report the scam at the cybercrime helpline 1930 or visit cybercrime.gov.in immediately.
Do not share any OTP or sensitive details with unknown callers.
Change your Aadhaar-linked mobile number through the official UIDAI website if compromised.
Notify your bank immediately using the helplines like SBI 1800-11-1109 or HDFC 1800-202-6161.
Monitor your bank statements regularly for unauthorized transactions and report any discrepancies.
Consider filing an FIR at your local police station to formally report the incident.

How to Report Aadhaar and UPI 'Verification' Remote Access Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: Immediately contact your bank's helpline (e.g., SBI 1800-11-1109, HDFC 1800-202-6161) to inform them about the incident and block further transactions.
How can I identify an Aadhaar and UPI verification scam?: Look for signs such as unsolicited calls asking for sensitive information, urgency in their tone, or unfamiliar caller IDs. Legitimate organizations never ask for personal details this way.
How to report this type of scam in India?: You can report online at cybercrime.gov.in or call the cybercrime helpline at 1930. Additionally, inform your bank about the fraudulent activity.
How to recover money or protect my accounts after being scammed?: Contact your bank immediately to block your account and prevent further transactions. Monitor your bank statements, and consider changing passwords for added protection.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.