Aadhaar-Enabled Payment System (AePS) Biometric Withdrawal Fraud
INDIA — By BharatSecure Threat Intelligence Team
Verdict: Suspicious | Risk Score: 9/10 | Severity: critical
Category: WhatsApp, Phishing, OTP
How Aadhaar-Enabled Payment System (AePS) Biometric Withdrawal Fraud Works
Overview: Aadhaar-Enabled Payment System (AePS) biometric withdrawal scams are targeting Indian bank customers, especially in rural and semi-urban areas, by exploiting stolen Aadhaar details and misused biometrics. This scam enables fraudsters to withdraw money directly from victims’ bank accounts without a debit card, PIN, or OTP – just using their Aadhaar number and biometric authentication. Victims often have no idea their money is being siphoned out, making this scam extremely dangerous.

How It Works: Scammers first acquire someone’s Aadhaar number, usually via leaks, phishing, or buying data breaches online. Sometimes they also get copies of biometrics (fingerprints or face photos) through covert means or rogue agents. With these, they visit an AePS agent and use a fake or cloned biometric to authenticate a withdrawal from the victim’s linked bank account. The money is taken instantly, often in small chunks to avoid detection.

India Angle: These attacks are most common in areas where AePS is popular—rural village[ADDRESS_REDACTED]regions. Many victims are rural homemakers, pensioners, or people with basic bank accounts who rarely check their balances or notification messages. Scams often play out via WhatsApp, SMS, or calls posing as local agents.

Real Examples:
- "Aapka bank balance Aadhaar ke through withdraw ho chuka hai. Agar yeh aapne nahi kiya, turant apne bank se sampark karein."
- A rural shopkeeper discovered Rs 28,000 missing after biometric logins that he never authorized.
- "Sir, income subsidy ke liye apko finger lagana padega—main agent hoon." (scammer collects physical fingerprint under false pretense)

Red Flags:
- Multiple small debit transactions via AePS you did not authorize.
- Unfamiliar entries in your Aadhaar authentication history.
- Unsolicited visits or calls asking for your biometrics for 'government' services.
- Loss of mobile signal followed by strange banking activity.

Protective Measures:
- Immediately lock your Aadhaar biometrics on UIDAI portal or mAadhaar app.
- Review Aadhaar authentication history regularly at the official UIDAI website.
- Do not share biometrics or Aadhaar number with anyone except at official, trusted outlets.
- Enable transaction alerts for all account activity.

If Victimised:
- Lock biometrics via UIDAI immediately to prevent further misuse.
- Contact your bank and file a written fraud complaint referencing RBI’s 'zero liability' policy for unauthorized AePS withdrawals.
- Report the matter to 1930 and cybercrime.gov.in. File an FIR if required.

Related Scams:
- SIM swap fraud to take control of your banking SMS/alerts.
- AePS agent collusion scams, where agents themselves help fraudsters.
- Phishing calls asking for Aadhaar or OTP.
How This Scam Works — Detailed Explanation
Aadhaar-Enabled Payment System (AePS) Biometric Withdrawal Fraud typically targets individuals in rural and semi-urban areas of India, primarily through deceptive communications via platforms like WhatsApp. Scammers often gather personal data unethically, either through phishing scams or social engineering tactics. They might pose as bank representatives or government officials, reaching out to potential victims claiming they need to verify their Aadhaar details for a new scheme or a fake draw for cash prizes. This method creates a sense of urgency, making individuals more likely to share sensitive information without the necessary caution.
Once scammers establish contact with a victim, they employ a mix of psychological manipulation and technical tactics. They often create fake websites that resemble legitimate bank portals to collect Aadhaar information, or they sometimes request biometric data directly through social engineering—claiming it’s necessary for security. These requests can manifest as seemingly innocuous texts or calls, ensuring the initial contact feels credible. This manipulation exploits the trust people have in established banking or government services, leading victims to unwittingly comply with fraudulent requests while feeling reassured about the legitimacy of the operation.
Victims of this scam experience a horrifying realization as their funds disappear from their bank accounts without any prior knowledge or consent. For instance, a small-scale farmer in Uttar Pradesh might receive unusual SMS alerts indicating an AePS withdrawal of ₹5,000 he did not authorize. Upon investigation, he discovers several unauthorized attempts to authenticate using his Aadhaar details—requests that he never initiated. With no debit card, PIN, or OTP involved, he finds it difficult to understand how this fraud occurred. Often victims remain in the dark for days, relying on bank helplines like SBI (1800-11-1109) or HDFC (1800-202-6161) for clarity, only to discover the alarming breach that has left them financially compromised.
The real-world impact of this biometric withdrawal scam is staggering in India. Data indicates that the losses caused by fraudsters in such scams amounted to approximately ₹1,000 crore (10 billion INR) in recent years. Given the reliance on digital payment systems like UPI, many Indians remain vulnerable. The Ministry of Home Affairs (MHA), in conjunction with RBI and CERT-In advisories, urges citizens to remain vigilant as such scams proliferate. Victims not only bear the financial losses but also face emotional and psychological distress, compounded by the challenges of recovery and prevention amid a lack of proper cybersecurity literacy.
Identifying legitimate communications becomes crucial in safeguarding against this type of fraud. Always verify requests for Aadhaar authentication through official channels; most legitimate banks will never ask for personal details directly via WhatsApp or SMS unless you’re already responding to a verified communication. Red flags include receiving unsolicited SMS alerts about AePS transactions you didn’t initiate, sudden unknown Aadhaar biometric authentication attempts, and any requests for your biometric data under dubious pretenses. Protect yourself by enacting stringent verification procedures and utilizing official helplines, ensuring that you remain ahead of potential threats.
Who Does Aadhaar-Enabled Payment System (AePS) Biometric Withdrawal Fraud Target?
General public across India
Red Flags — How to Identify Aadhaar-Enabled Payment System (AePS) Biometric Withdrawal Fraud
- SMS alerts for AePS withdrawals you did not make
- Unknown Aadhaar authentication attempts
- Suspicious requests for fingerprints or face scan
- Loss of network followed by debits
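The "small chunks" withdrawal pattern described above can be checked against an exported account statement. The following Python is an added example, not part of the original advisory; the row layout, the channel label "AEPS", and the thresholds (₹5,000 per debit, 3 debits, 60-minute gap) are assumptions to adjust for your bank's export.

```python
from datetime import datetime, timedelta

# Constructed sample rows (timestamp, channel, debit amount in INR); not real data.
SAMPLE_STATEMENT = [
    ("2024-03-01 10:02", "UPI", 250),
    ("2024-03-04 11:15", "AEPS", 2000),
    ("2024-03-04 11:19", "AEPS", 2000),
    ("2024-03-04 11:26", "AEPS", 1500),
    ("2024-03-09 16:40", "AEPS", 9000),
    ("2024-03-15 09:05", "ATM", 3000),
    ("2024-03-20 12:00", "AEPS", 1000),
    ("2024-03-20 12:10", "AEPS", 1000),
]


def flag_aeps_bursts(rows, max_amount=5000, min_count=3,
                     gap=timedelta(minutes=60)):
    """Group small AePS debits that follow each other within `gap`
    and return the groups containing at least `min_count` debits."""
    # Keep only AePS debits at or below the "small chunk" threshold.
    debits = sorted(
        (datetime.strptime(ts, "%Y-%m-%d %H:%M"), amount)
        for ts, channel, amount in rows
        if channel.upper() == "AEPS" and amount <= max_amount
    )
    clusters, current = [], []
    for when, amount in debits:
        # A pause longer than `gap` closes the current cluster.
        if current and when - current[-1][0] > gap:
            clusters.append(current)
            current = []
        current.append((when, amount))
    if current:
        clusters.append(current)
    return [
        {"start": c[0][0], "end": c[-1][0], "count": len(c),
         "total": sum(amount for _, amount in c)}
        for c in clusters if len(c) >= min_count
    ]


if __name__ == "__main__":
    for burst in flag_aeps_bursts(SAMPLE_STATEMENT):
        print(f"{burst['count']} AePS debits totalling Rs {burst['total']} "
              f"between {burst['start']} and {burst['end']}")
```

Any burst it reports should be compared with your Aadhaar authentication history and raised with the bank if you do not recognise it.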
What To Do If You Encounter Aadhaar-Enabled Payment System (AePS) Biometric Withdrawal Fraud
- Report fraudulent transactions immediately to your bank and ask them to block your account.
- Contact the cybercrime helpline at 1930 to report the incident and seek guidance.
- Visit cybercrime.gov.in and file a report, providing as much detail as possible.
- Alert your family and friends to raise awareness about this scam and prevent further victims.
- Monitor your bank account regularly for any unauthorized transactions.
- Change your Aadhaar details password and any linked banking passwords for added security.
How to Report Aadhaar-Enabled Payment System (AePS) Biometric Withdrawal Fraud in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What to do if I shared my Aadhaar details in a WhatsApp scam?
- Immediately report this to your bank's helpline, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161, and block your account.
- How can I identify Aadhaar biometric withdrawal fraud?
- Look for unauthorized SMS alerts about transactions you did not initiate and verify any Aadhaar authentication attempts via your bank.
- How to report this type of scam in India?
- Contact the cybercrime helpline at 1930, file a report on cybercrime.gov.in, and reach out to your bank's fraud report team.
- What steps should I take to recover funds lost in this fraud?
- Contact your bank immediately to dispute unauthorized withdrawals and inquire about chargeback processes, while also filing a report with the cybercrime helpline.
Verify Any Suspicious Message
Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.