What to do if I shared my OTP in a UPI scam?

Immediately report the incident at 1930 and contact your bank's customer service. For example, SBI can be reached at 1800-11-1109.

How can I identify the Paytm KYC Expired SMS Phishing Scam?

Look for messages with generic greetings, urgent threats, and links not associated with paytm.com.

How do I report this type of scam in India?

You can report at 1930 or visit cybercrime.gov.in to submit your complaint. Always inform your bank about fraudulent activities.

What steps should I follow to recover money or protect my account after this scam?

Contact your bank immediately to report unauthorized transactions, change your passwords and enable additional security methods such as two-factor authentication.

Paytm KYC Expired SMS Phishing Scam

INDIA — By BharatSecure Threat Intelligence Team · Updated May 12, 2026

Verdict: Suspicious | Risk Score: 9/10 | Severity: Critical

Category: UPI, KYC, Phishing

Scam Intelligence: Paytm KYC Expired SMS Phishing Scam

Proprietary signals from BharatSecure's scam-tracking database.

Top affected regions	India, general, professionals, urban
Last reported	May 12, 2026

How Paytm KYC Expired SMS Phishing Scam Works

Overview: The 'Paytm KYC Expired SMS Phishing Scam' is targeting millions of digital wallet users across India, especially those who use Paytm for daily payments and transactions. Scammers pretend to be from Paytm and send alarming SMS messages claiming that your KYC (Know Your Customer) details have expired. The scam is dangerous because it tricks unsuspecting people into entering their account login, passwords, and OTPs on fake websites. This hands over complete control of their digital wallet to cybercriminals, who can then empty your wallet, make fraudulent UPI payments, or misuse your financial details. How It Works: First, you get a text message from an unknown or suspicious number alerting you that your Paytm KYC will expire or your account will be frozen in 24 hours. The message urges you to click a link to 'update your KYC.' The link redirects you to a counterfeit website that looks very similar to the real Paytm login page. If you enter your details here, the information is sent directly to scammers. They may also send a fake OTP (One-Time Password) prompt, capturing the code as soon as you enter it, allowing them to takeover your account and transfer funds away instantly. India Angle: This scam has spread rapidly across urban and semi-urban areas in India, riding on the popularity of UPI and Paytm, especially among smartphone users. It is particularly prevalent in states with high digital payment usage such as Maharashtra, Karnataka, and Delhi NCR. Hindi and English are the main languages used, but variations may arrive in local languages. Real Examples: "Dear Customer, Your Paytm KYC expired. Account will be blocked in 24 hours. Update now: http://paytm-verify-kyc.link" or "KYC not updated. Click here to avoid penalty: http://paytmupdate-check.com". One Jaipur resident received such a message and lost ₹50,000 after entering his OTP on a fake site. Red Flags: 1. SMS threatens that account will be blocked within hours. 2. Website links that don’t have paytm.com in the address. 3. Messages address[ADDRESS_REDACTED]. 4. Requests for sensitive details like login, password, or OTPs via SMS or email. 5. No corresponding alert in your Paytm app or dashboard. Protective Measures: Never click on suspicious links received via SMS. Always open the official Paytm app to check for any genuine alerts or notifications. If unsure, call Paytm's official customer service using the number listed in your app or on the verified website. Never share OTPs or enter your password on any website except the official Paytm site or app. Enable real-time SMS or in-app notifications for all financial transactions to spot unusual activity quickly. If Victimised: 1. Immediately call the National Cyber Helpline at 1930. 2. Report the incident at cybercrime.gov.in. 3. Notify Paytm customer care and your bank to block further transactions. 4. Change your passwords and check other linked accounts for tampering. Related Scams: Similar scams include phishing emails claiming your UPI or bank KYC needs urgent updating, and fake app update scams that install malware rather than official apps.

How This Scam Works — Detailed Explanation

The 'Paytm KYC Expired SMS Phishing Scam' exploits the widespread use of digital wallets in India, particularly targeting users who rely on Paytm for their everyday transactions. Scammers often begin by obtaining phone numbers from data breaches or through phishing campaigns, aiming at individuals who are likely to have active digital wallets. The approach is primarily via SMS, where they send messages that appear to be from Paytm, often containing alarming statements about account verification or KYC details needing urgent attention. Given that digital transactions are now integral to daily life in India, many users are vulnerable and quick to respond to such messages.

To manipulate their victims, scammers employ various psychological tactics. They create a sense of urgency by claiming that the user’s account will be blocked within 24 hours if necessary actions are not taken. This cavitation stresses individuals into reacting without thinking critically about the situation. Furthermore, scammers often use generic greetings rather than the user’s name, a clear red flag that the message might not be legitimate. They accompany this with credible-looking website links that directed victims to fake pages resembling the official Paytm site. These tactics effectively instill fear and urgency, prompting users to abandon their caution in favor of compliance.

Once victims click on the deceptive links, they typically encounter a website that closely mimics the Paytm login page. Here, they are prompted to enter their login credentials, personal information, and OTPs—information that is then transmitted directly to the scammers. For instance, a victim may think they are averting account blockage by hastily entering their data, only to realize later that they have lost complete control over their Paytm account. In one documented case, a user lost ₹10 lakh in a single transaction due to falling for this scam, highlighting the severe risks and consequences of such phishing attacks.

The impact of the 'Paytm KYC Expired SMS Phishing Scam' extends beyond individual losses; according to recent reports, cyber fraud in India led to a staggering loss of ₹29,000 crore in the financial year 2023 alone. Organizations like the Ministry of Home Affairs (MHA), Reserve Bank of India (RBI), and CERT-In have recognized such scams as critical cyber threats and have issued advisories urging users to stay vigilant. The alarming frequency and scale at which these scams are being executed show that regulators and law enforcement need to intensify their efforts in educating the public about these risks.

To differentiate between legitimate communication and scams, users must be vigilant. Always verify the sender's contact number against official records; genuine messages from Paytm will always come from their official numbers. Additionally, check the hyperlinks included in the SMS for authenticity, ensuring they are from 'paytm.com' or its subdomains and not from unknown sources. Remember, no legitimate organization will ask you to share sensitive information like passwords or OTPs via SMS or calls. Ignoring such messages is often the safest response, especially when the communication feels suspicious or urgent.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Paytm KYC Expired SMS Phishing Scam Target?

General public across India

Red Flags — How to Identify Paytm KYC Expired SMS Phishing Scam

Urgent threats about account blockage within 24 hours
Website links that are not from paytm.com or its official subdomains
Requests for sensitive info like password, OTP, or PIN via SMS
Generic greetings instead of your registered name

What To Do If You Encounter Paytm KYC Expired SMS Phishing Scam

Report the incident at 1930 or through cybercrime.gov.in immediately.
Do not click on any links in suspicious SMS messages.
Change your Paytm password right away if you entered it on a suspicious site.
Contact Paytm customer support for guidance and to potentially secure your account.
Inform your bank if you have linked your Paytm account for any additional precautions.
Stay informed about the latest scams by following cybersecurity advisories.

How to Report Paytm KYC Expired SMS Phishing Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: Immediately report the incident at 1930 and contact your bank's customer service. For example, SBI can be reached at 1800-11-1109.
How can I identify the Paytm KYC Expired SMS Phishing Scam?: Look for messages with generic greetings, urgent threats, and links not associated with paytm.com.
How do I report this type of scam in India?: You can report at 1930 or visit cybercrime.gov.in to submit your complaint. Always inform your bank about fraudulent activities.
What steps should I follow to recover money or protect my account after this scam?: Contact your bank immediately to report unauthorized transactions, change your passwords and enable additional security methods such as two-factor authentication.

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.