Combo Reverse Proxy Bank Phishing Kit Scam
Verdict: Suspicious | Risk Score: 9/10 | Severity: critical
Category: UPI, WhatsApp, Phishing
How Combo Reverse Proxy Bank Phishing Kit Scam Works
Overview:
Reverse-proxy combo phishing kits, like Tycoon2FA and EvilProxy, are an advanced scam where criminals set up websites that look identical to legitimate banking and e-commerce portals. These kits are readily available on the dark web, making it easy for even inexperienced scammers to launch attacks targeting Indian banking customers and e-wallet users. The risk is serious: attackers can bypass OTP, steal login sessions, and even take over your bank or shopping accounts without detection.
How It Works:
You receive an email or SMS, often with branding from banks like SBI, ICICI, HDFC, or e-commerce sites such as Amazon or Flipkart. The message warns of a problem—"account frozen," "unauthorized login," or "transaction failed." A link leads to a fake but convincing login page. When you enter your username, password, and OTP, the reverse-proxy forwards your data in real-time to the real bank. The scammer captures both your credentials and live session cookies—allowing them to log in as you, possibly even on new devices, bypassing security.
India Angle:
These scams have rapidly spread across Tier 1 and Tier 2 cities, exploiting India’s reliance on UPI, netbanking, and digital wallets. Messages may appear in regional languages and sometimes use local names or bank design to boost trust. Young adults, busy professionals, and the elderly—especially those less familiar with subtle URL changes—are frequently hit.
Real Examples:
- SMS: “Your SBI account is at risk of deactivation. Quickly verify at sbi-account-secure.com.”
- Email: “Notice: Amazon Pay wallet login attempt failed. Re-authenticate here: [spoofed link].”
- WhatsApp: “ICICI urgent: OTP needed for account protection. Log in at this link.”
Red Flags:
- Links that look very similar to but are not the official website (e.g. using characters from other languages).
- No actual call from bank or e-commerce customer support after receiving urgent SMS/email.
- Login pages that don’t show browser security indicators (padlock icon or HTTPS).
- Requests for OTP even if you didn’t initiate a transaction.
- Offers of support that require using a ‘customer portal’ sent by SMS or WhatsApp.
Protective Measures:
- Always access bank accounts by typing the official URL or via the official app, never from email/SMS links.
- Cross-check any urgent message by calling your bank’s customer care number on their official website.
- Don’t share OTPs or login details—even with supposed ‘bank officials’. Real staff will never ask.
- Look closely for unusual characters in website links (e.g., bаnkofindia.com vs bankofindia.com).
- Use strong passwords and enable app-based authentication.
If Victimised:
- Immediately inform your bank to block further transactions and change all passwords.
- Report incident on 1930 and at cybercrime.gov.in.
- Monitor statements and credit reports for suspicious activity.
- Notify others in your family or workplace who share your network or devices.
Related Scams:
- UPI phishing (fake payment requests through apps like Google Pay or PhonePe)
- Social Engineering vishing (calls tricking for OTP or bank info)
- Fake online store payment page scams
How This Scam Works — Detailed Explanation
In recent months, the Combo Reverse Proxy Bank Phishing Kit Scam has become increasingly common in India, particularly targeting users of UPI (Unified Payments Interface) and e-wallets. Scammers use advanced phishing kits, such as Tycoon2FA and EvilProxy, to create counterfeit websites that closely mimic legitimate banking and shopping portals. They often share these fake links via popular platforms like WhatsApp or SMS, reaching out to unsuspecting victims with promises of enticing offers or urgent warnings about their accounts. By exploiting the trust users have in familiar platforms, scammers can easily lure individuals into their web.
The tactics employed by these cybercriminals are both clever and psychological. For instance, they create a sense of urgency by sending messages about immediate account freezes or prompting users to verify their details to avoid suspension. This manipulation plays on people's fears of losing access to their funds. Additionally, when victims click on these links, they are directed to a spoofed login page where they are asked for their personal information, such as Aadhaar details, UPI PINs, or OTPs (One Time Passwords). The attackers use this information to gain unauthorized access to their accounts, all while convincing the victim that they are dealing with a legitimate issue.
Real victims of this scam often go through a troubling sequence of events that can lead to substantial financial losses. For example, consider a user who received a WhatsApp message claiming they needed to reset their bank password immediately. After clicking the link provided, they found themselves on a page that looked exactly like their bank's official site. Unaware of the scam, they entered their credentials, allowing the attackers to bypass OTP verification and immediately access their account. This could lead to unauthorized transactions, potentially draining the victim's bank account within minutes. According to various reports, Indian victims lost more than ₹500 crore in 2022 due to similar phishing scams, showcasing the scale of this cyber threat.
The real-world impacts of the Combo Reverse Proxy Bank Phishing Kit Scam are profound. As more individuals fall prey to these schemes, it complicates efforts to create a safe digital banking environment in India. Agencies like the RBI and CERT-In regularly publish advisories emphasizing the need for caution. The Ministry of Home Affairs has also issued guidelines for online safety, stressing the importance of secure digital practices. Victims are left not only with financial loss, often bearing the burden of disputes with banking institutions, but also with emotional distress, as many feel violated and distrustful. The increase in reported scams further burdens law enforcement and cybersecurity agencies, highlighting the persistent challenge of cyber fraud in India.
To effectively combat this scam, it is crucial to understand how to differentiate between genuine communications and those that are potentially harmful. Legitimate organizations typically communicate through official apps or verified emails, not via WhatsApp or suspicious SMS links. Furthermore, inspect web URLs for unusual spellings or foreign characters, and check for the secure HTTPS padlock that legitimate sites display; a padlock alone does not prove a site is genuine, so the address itself still has to match the official one. If you receive an unexpected request for an OTP or notice grammatical errors in a message, it’s a strong indication of a scam. Take your time to validate the source of any communication before taking action, as cybercriminals rely on impulsive reactions to succeed in their malicious endeavors.
Visual Intelligence:
BharatSecure's AI has identified this as a used in scams targeting Indian users.
Who Does Combo Reverse Proxy Bank Phishing Kit Scam Target?
General public across India
Red Flags — How to Identify Combo Reverse Proxy Bank Phishing Kit Scam
- Web links with unusual spellings or foreign letters
- Requests for OTPs when you didn't initiate a transaction
- Threats of immediate account freezing or suspension
- Login pages missing HTTPS padlock or security signals
- Messages sent via WhatsApp or SMS instead of official apps
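The first red flag above can be checked mechanically before a link is ever opened. The Python sketch below is an added example, not BharatSecure's code: it decodes punycode, then flags mixed-script hostnames, homoglyph lookalikes of an allowlisted domain, and brand names on unlisted domains. The allowlist, brand list and confusables table are assumptions (only bankofindia.com and the brand names come from this page).

```python
import unicodedata
from urllib.parse import urlsplit

# Assumptions for this example: OFFICIAL is the reader's own allowlist (only
# bankofindia.com is taken from the page), BRANDS are names the page mentions,
# and CONFUSABLES is a small constructed subset of Cyrillic look-alike letters.
OFFICIAL = {"bankofindia.com"}
BRANDS = {"sbi", "icici", "hdfc", "amazon", "flipkart"}
CONFUSABLES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456", "aeopcxyi")

def hostname(link):
    """Extract the host from a link or bare domain and decode punycode labels."""
    host = urlsplit(link if "://" in link else "//" + link).hostname or ""
    if host.isascii():
        try:
            host = host.encode("ascii").decode("idna")  # xn--... -> Unicode
        except UnicodeError:
            pass  # malformed punycode: keep the raw form
    return host

def scripts(host):
    """Unicode scripts used by the letters in host, taken from character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in host if c.isalpha()}

def is_official(host):
    """True if host is an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def check_link(link):
    """Return a list of red flags for a link; an empty list means none found."""
    host = hostname(link)
    if is_official(host):
        return []
    flags = []
    if len(scripts(host)) > 1:
        flags.append("mixed scripts in hostname")
    skeleton = host.translate(CONFUSABLES)  # fold look-alikes to Latin
    if skeleton != host and is_official(skeleton):
        flags.append("homoglyph lookalike of " + skeleton)
    tokens = set(skeleton.replace("-", ".").split("."))
    if tokens & BRANDS:
        flags.append("brand name on unlisted domain")
    return flags
```

An empty result only means none of these three heuristics fired; a link that passes still has to match the bank's official address.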
What To Do If You Encounter Combo Reverse Proxy Bank Phishing Kit Scam
- Report the incident immediately by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in.
- Notify your bank's customer service about any unauthorized transactions and ask them to freeze your account if necessary.
- Change your password and reset your UPI PIN across all platforms where you may have used them.
- Monitor your bank statements regularly for any unfamiliar activity or transactions.
- Educate your family and friends about this type of scam to help prevent further victims.
- Consider enabling two-factor authentication where applicable for an extra layer of security on your accounts.
How to Report Combo Reverse Proxy Bank Phishing Kit Scam in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What to do if I shared my OTP in a UPI scam?
  Immediately contact your bank using their helpline (e.g., SBI 1800-11-1109 or HDFC 1800-202-6161) and report the issue to 1930.
- How can I identify the Combo Reverse Proxy Bank Phishing Kit Scam?
  Look out for web links with unusual spellings or requests for OTPs when no transaction was initiated by you.
- How can I report this type of scam in India?
  You can report a scam by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in to file a complaint.
- What are the steps to recover money or protect my accounts after this scam?
  Contact your bank to freeze your account, report the incident to 1930, and monitor your statements closely for further fraudulent activity.