What is KYC Expiry Phishing Scam?

Dangerous: KYC Expiry Phishing Scam. Fake KYC expiry messages lead to phishing websites stealing bank details. Learn to verify legitimate KYC update requests in India 2026.

How does KYC Expiry Phishing Scam work?

Send SMS claiming KYC documents are expired Provide fake bank website links Steal banking credentials and UPI details Drain accounts using stolen information

How to protect yourself from KYC Expiry Phishing Scam?

Do not click on any links received in unsolicited KYC expiry messages or WhatsApp forwards. Call your bank’s official customer care or visit the official bank website directly to verify any KYC update claims. Never share your OTP, UPI PIN, Aadhaar number, or full bank details in response to messages or calls. Report any suspicious KYC expiry messages to your bank and also to BharatSecure for scam tracking.

KYC Expiry Phishing Scam

केवाईसी समाप्ति फिशिंग स्कैम

INDIA — By BharatSecure Threat Intelligence Team · Updated Apr 20, 2026

Verdict: Dangerous | Risk Score: 8/10 | Severity: MEDIUM

Category: KYC

How KYC Expiry Phishing Scam Works

Send SMS claiming KYC documents are expired
Provide fake bank website links
Steal banking credentials and UPI details
Drain accounts using stolen information

How This Scam Works — Detailed Explanation

In India, every bank customer must complete their KYC (Know Your Customer) process to continue using services like mobile banking, UPI payments, and Aadhaar-linked accounts. Scammers exploit this by sending fake messages or WhatsApp forwards claiming that the victim’s KYC has expired and needs urgent updating. These messages often appear very official, mimicking bank logos, and use urgent language to create fear of losing access to money or account freezing. Victims are then lured to click on links that lead to phishing websites designed to look exactly like real bank portals.

Once on these fake websites, victims are asked to enter sensitive information such as bank account numbers, UPI PINs, Aadhaar details, and OTPs (One-Time Passwords). Scammers use this data to steal money directly through UPI transactions or unauthorized mobile banking withdrawals. Unlike typical scams, this one targets the urgency around KYC compliance mandated by Indian banks and government regulations, which confuses many users into trusting these fake alerts.

The scammers often use WhatsApp or SMS to spread these KYC Expiry Phishing Scam messages. They may also threaten victims with account freezing or blocking, increasing panic and prompting quick, unverified action. Some messages even mention government bodies like UIDAI or RBI to sound legitimate. Once the scammers have enough information, victims lose access to their funds, and recovery becomes challenging due to the digital trail left behind.

Victims usually realize the fraud after noticing unauthorized withdrawals or receiving alerts about changes they didn’t authorize. This scam is particularly dangerous because it combines social engineering with India’s push for digital payments and Aadhaar authentication, making it easy for scammers to trick even tech-savvy users. Awareness and careful verification are the keys to staying safe from this threatening scam in 2026 and beyond.

Who Does KYC Expiry Phishing Scam Target?

All bank account holders, especially elderly and less tech-savvy users

Red Flags — How to Identify KYC Expiry Phishing Scam

Urgent KYC update demands
Suspicious website URLs
Threats of account freezing
Requests for complete banking details

What To Do If You Encounter KYC Expiry Phishing Scam

Do not click on any links received in unsolicited KYC expiry messages or WhatsApp forwards.
Call your bank’s official customer care or visit the official bank website directly to verify any KYC update claims.
Never share your OTP, UPI PIN, Aadhaar number, or full bank details in response to messages or calls.
Report any suspicious KYC expiry messages to your bank and also to BharatSecure for scam tracking.
Immediately block your UPI or mobile banking app and change passwords if you suspect your credentials are compromised.

How to Report KYC Expiry Phishing Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is KYC Expiry Phishing Scam?: Dangerous: KYC Expiry Phishing Scam. Fake KYC expiry messages lead to phishing websites stealing bank details. Learn to verify legitimate KYC update requests in India 2026.
How does KYC Expiry Phishing Scam work?: Send SMS claiming KYC documents are expired Provide fake bank website links Steal banking credentials and UPI details Drain accounts using stolen information
How to protect yourself from KYC Expiry Phishing Scam?: Do not click on any links received in unsolicited KYC expiry messages or WhatsApp forwards. Call your bank’s official customer care or visit the official bank website directly to verify any KYC update claims. Never share your OTP, UPI PIN, Aadhaar number, or full bank details in response to messages or calls. Report any suspicious KYC expiry messages to your bank and also to BharatSecure for scam tracking.
How to report KYC Expiry Phishing Scam in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.