What to do if I shared my OTP in a KYC scam?

Immediately contact your bank and report the incident. You should also change your online banking password and, if needed, call the cybercrime helpline at 1930 for further assistance.

How do I identify a fake KYC update SMS?

Look for urgent language, unsolicited requests for personal information, and suspicious sender IDs or URLs that do not match your bank's official domain.

How do I report this type of scam in India?

You can report the scam by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in. Additionally, inform your bank about the fraudulent communication.

How can I recover money or protect my accounts after this scam?

Contact your bank immediately to report unauthorized transactions; they may be able to help recover funds. Also, consider filing a complaint with the cybercrime helpline and change all your relevant passwords.

Fake KYC Update SMS/Email Scam

INDIA — By BharatSecure Threat Intelligence Team · Updated Apr 29, 2026

Verdict: Suspicious | Risk Score: 8/10 | Severity: High

Category: KYC, OTP

Scam Intelligence: Fake KYC Update SMS/Email Scam

Proprietary signals from BharatSecure's scam-tracking database.

Last reported

Apr 20, 2026

How Fake KYC Update SMS/Email Scam Works

Fraudsters target SBI, HDFC, and ICICI customers by sending urgent SMS or emails claiming mandatory KYC updates before a set deadline. These messages include links to fake banking websites that look real but are designed to steal personal information such as Aadhaar, PAN, OTPs, and bank login credentials. The scammers exploit RBI regulations requiring account revalidation to create a sense of urgency. Victims who click the fake links may unknowingly provide sensitive data, leading to unauthorized access, financial theft, and identity misuse. This scam mainly preys on users who are not aware of banks promoting branch visits over digital updates for security reasons. Ultimately, falling for this can result in loss of savings and personal data breaches.

How This Scam Works — Detailed Explanation

Scammers often begin by gathering a list of potential victims through data breaches, public records, or even social media platforms like WhatsApp. Once they have identified targets, they craft messages that appear to come from legitimate banking institutions such as SBI, HDFC, or ICICI. These messages usually include alarming notices claiming that a mandatory KYC update is needed, often mentioning a threatening deadline. The urgency is intentionally instilled to push victims into acting quickly without verifying the authenticity of the communication. Some might even use local language and colloquial phrases to sound credible and familiar. This creates a facade of trust, making unsuspecting customers more likely to fall for their tactics.

In their messages, scammers deploy various psychological tricks to manipulate victims. They often use language that expresses urgency and fear, such as threats of account suspension or freezing if KYC updates are not processed immediately. By targeting customers of renowned banks, they borrow credibility and authority, which further entices the victims into clicking the provided links or uploading sensitive documents such as PAN and Aadhaar. These links lead to counterfeit banking websites that are designed to mimic official bank portals, tricking users into entering sensitive details that can be later exploited for financial gain.

Once victims interact with these fraudulent links, the scammers execute a series of steps to steal their data. For instance, an individual may receive an SMS from a number that seems legitimate, prompting them to update their KYC. Upon clicking the link, they arrive at a site that looks very much like that of HDFC's official site. Here, they fill in their Aadhaar number, PAN details, and perhaps even their bank account and OTP. In many cases, the victims realize something is wrong only after they find unauthorized transactions on their accounts or receive an alert that their accounts have been frozen due to KYC discrepancies. A notable example includes a case in Maharashtra where hundreds of people reported losses amounting to ₹50 crore collectively after falling prey to similar scams last year.

The impact of such scams is staggering. According to the Ministry of Home Affairs (MHA), cybercrimes have surged in complexities and volumes in India. The Reserve Bank of India (RBI) and CERT-In have issued multiple advisories highlighting the risks posed by fraudulent KYC updates. In a single instance in Uttar Pradesh, victims reported losses exceeding ₹20 crore as they provided sensitive information unwittingly. With the growing digitization of banking services, the Indian populace is becoming increasingly vulnerable to these scams. Each case harms not only the victims but also erodes trust in digital financial systems, prompting a call for stricter regulations and awareness campaigns.

To differentiate between legitimate communications and this scam, it is crucial to look for specific red flags. Genuine KYC notifications from banks will typically never instruct customers to click links or upload sensitive data through unsolicited messages. Instead, communication will encourage contacting the bank directly through verified numbers or online portals. Always check the URLs; authentic bank website URLs will remain consistent and secure. If you receive a message with a threatening tone or unfamiliar sender ID, it’s advisable to remain skeptical and verify before acting on it.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Fake KYC Update SMS/Email Scam Target?

General public across India

Red Flags — How to Identify Fake KYC Update SMS/Email Scam

Messages claiming urgent KYC update with suspicious links
Requests to upload PAN/Aadhaar without official branch verification
Threats of account suspension or freezing if not updated immediately
URLs that don’t match official bank domains
Unsolicited communications from unknown numbers or email IDs

What To Do If You Encounter Fake KYC Update SMS/Email Scam

Report the matter immediately by calling the cybercrime helpline at 1930 or visit cybercrime.gov.in.
Do not click any links or provide any personal details in response to unsolicited SMS or emails.
Contact your bank's official helpline—SBI at 1800-11-1109 or HDFC at 1800-202-6161—for verification.
Change your passwords for online banking and associated email accounts promptly.
Monitor your bank statements regularly for any unauthorised transactions.
Educate friends and family about the scam to prevent further incidents.

How to Report Fake KYC Update SMS/Email Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a KYC scam?: Immediately contact your bank and report the incident. You should also change your online banking password and, if needed, call the cybercrime helpline at 1930 for further assistance.
How do I identify a fake KYC update SMS?: Look for urgent language, unsolicited requests for personal information, and suspicious sender IDs or URLs that do not match your bank's official domain.
How do I report this type of scam in India?: You can report the scam by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in. Additionally, inform your bank about the fraudulent communication.
How can I recover money or protect my accounts after this scam?: Contact your bank immediately to report unauthorized transactions; they may be able to help recover funds. Also, consider filing a complaint with the cybercrime helpline and change all your relevant passwords.

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.