What to do if I shared my OTP in a UPI scam?

Immediately contact your bank's customer service helpline like SBI at 1800-11-1109. They can help you secure your account.

How can I identify a Fake FASTag Reactivation SMS?

Check for unofficial sender names, suspicious links, and urgent language; genuine messages won’t request sensitive info.

How do I report this type of scam in India?

You can report scams to the cybercrime helpline by calling 1930, or file a report at cybercrime.gov.in.

What steps can I take to recover money or protect my accounts after falling for this scam?

Contact your bank immediately to freeze your account and discuss recovery options; they can guide you through the process.

Fake FASTag Reactivation SMS Phishing

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI, KYC, Phishing

How Fake FASTag Reactivation SMS Phishing Works

Overview: This scam involves SMS messages that claim your FASTag account requires immediate reactivation, with fraudsters sending links that mimic official portals. Individuals with registered FASTags are targeted, and the scam is dangerous because entering your login or card details on these spoofed sites can result in instant financial theft. How It Works: Victims receive a text message, often from a sender ID resembling a bank or FASTag provider, warning that their FASTag has expired or is blocked. The SMS contains a link urging the user to update KYC or reactivate the tag. If the user clicks, a fake website opens, mirroring the look of a genuine FASTag or Paytm portal. The site requests sensitive information such as mobile number, card details, or UPI PIN. Sometimes, a follow-up call reinforces urgency, coaxing the victim to complete the process. Credentials entered are harvested by fraudsters to siphon money or gain access to linked accounts. India Angle: These scams are prevalent in urban and semi-urban areas, where cashless toll payments have high adoption. Fraudsters use SMS in English, Hindi, and sometimes local languages. They target regular commuters and transport business owners by referencing known toll plaza brands or popular payment platforms like Paytm and HDFC Bank. Real Examples: - "FASTag account suspended! Reactivate: http://fastagupdate.in/verify." - "Paytm FASTag KYC pending, click link below to update now or your account will be blocked." - Victims have reported receiving calls after clicking the link, insisting on providing card details for a small reactivation "fee." Red Flags: - Link in SMS not matching the official website (e.g., extra letters or unfamiliar domains) - Poor spelling, grammar, or urgent language like “block,” “suspend,” or “urgent KYC” - Requests for confidential details via website forms - Follow-up calls increasing pressure after the SMS Protective Measures: - Never click on links sent via SMS about KYC or account status - Always access Paytm, NHAI, or bank sites/apps from known addresses - Cross-check any alarming SMS by calling official customer care numbers found on statements or apps - Block and report suspicious numbers/senders If Victimised: - Inform your bank/FASTag provider to lock vulnerable accounts - Report the fraud at cybercrime.gov.in and call 1930 - Change passwords and alert your financial service providers immediately Related Scams: - Fake electricity bill SMS phishing - Phishing campaigns targeting credit card or digital wallet KYC

How This Scam Works — Detailed Explanation

In the burgeoning digital age of India, scams have evolved alongside technological advancements. One particular scam that has surfaced is the 'Fake FASTag Reactivation SMS Phishing'. Scammers often target individuals who have registered FASTags, which are popular for toll payments on highways. They usually obtain phone numbers from public databases or through data breaches. By masquerading as legitimate banks or FASTag service providers, they send SMS alerts that claim urgent action is needed, creating a false sense of threat. The messages typically come from sender IDs that closely resemble trusted entities, making it difficult for recipients to distinguish between genuine notifications and fraudulent communications.

The tactics employed by these scammers are designed to exploit both fear and urgency. The language in these SMS alerts is intentionally alarming, often alerting recipients that their FASTag account is about to expire or has already been deactivated. This psychological manipulation forces victims into a reactive state where they feel compelled to click on provided links without conducting adequate scrutiny. Once they click the link, unsuspecting victims are redirected to fake websites that mimic official portals. These sites often request sensitive information such as UPI PINs, Aadhaar numbers, or card details, which victims are tricked into providing, mistaking the sites for genuine. Scammers further employ follow-up phishing calls to reinforce the urgency, pressuring victims into acting quickly.

Once victims unknowingly provide their details on these bogus sites, the consequences can be dire. For instance, if a victim inputs their UPI PIN after arriving at a spoofed payment portal, the criminals can drain their bank accounts within minutes, transferring funds to untraceable accounts. A prevalent case involved multiple victims reporting losses of crores of rupees collectively due to these scams, with a significant portion being linked to UPI transactions. With the widespread use of mobile wallets and digital payments in India, the impact has been exacerbated, as even those who may not be well-versed in digital payments could fall prey to this scheme. Reports to the Ministry of Home Affairs (MHA) have revealed that UPI scams have surged, correlating directly with the rise of digital payments, and banks such as SBI and HDFC have been inundated with calls from distressed customers.

The financial repercussions of such scams in India are staggering. According to the National Cyber Crime Reporting Portal, victims of digital frauds, including this FASTag scam, lost approximately ₹1,000 crore in the past year alone. The scenario is so prevalent that any genuine communication from banks now includes warnings and advisories set forth by the Reserve Bank of India (RBI) and CERT-In to enhance consumer awareness. Despite these efforts, the sheer number of individuals who suffer from these schemes continues to rise, emphasizing a dire need for acute vigilance amongst users.

Identifying the signs of this scam from legitimate communications is pivotal. Genuine alerts from your bank or FASTag service will rarely, if ever, ask for sensitive personal information through SMS or direct you to click on dubious links. Additionally, legitimate messages typically come from recognized, official sender IDs. Always verify the authenticity of any message by contacting your bank directly using verified contact numbers, such as SBI's helpline at 1800-11-1109 or HDFC's at 1800-202-6161, rather than following any links included in the SMS. Remember to stay calm and collected to avoid being pressured into hasty actions, as genuine service providers prioritize your safety and will provide multiple modes of verification before requiring sensitive information.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Fake FASTag Reactivation SMS Phishing Target?

General public across India

Red Flags — How to Identify Fake FASTag Reactivation SMS Phishing

SMS contains a suspicious or unfamiliar link
Message uses urgent, alarming language
Site requests sensitive personal or financial details
SMS sender name looks unofficial
Follow-up calls pressure you to act after clicking

What To Do If You Encounter Fake FASTag Reactivation SMS Phishing

Report the suspicious SMS immediately by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in.
Do not click on any links provided in the message; instead, independently verify communications directly with your bank.
If you mistakenly provided your details, block your bank account as soon as possible to prevent Further losses.
Educate yourself and family members about this scam to avoid falling victim in the future.
Monitor your bank statements and online transactions regularly for any unauthorized transactions.
Consider enabling additional security features like two-factor authentication on your banking apps.

How to Report Fake FASTag Reactivation SMS Phishing in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: Immediately contact your bank's customer service helpline like SBI at 1800-11-1109. They can help you secure your account.
How can I identify a Fake FASTag Reactivation SMS?: Check for unofficial sender names, suspicious links, and urgent language; genuine messages won’t request sensitive info.
How do I report this type of scam in India?: You can report scams to the cybercrime helpline by calling 1930, or file a report at cybercrime.gov.in.
What steps can I take to recover money or protect my accounts after falling for this scam?: Contact your bank immediately to freeze your account and discuss recovery options; they can guide you through the process.

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.