What to do if I shared my OTP in a phishing scam?

Immediately contact your bank's customer care and inform them about the situation. They can take steps to secure your account.

How can I identify a phishing scam?

Be wary of unexpected messages or emails, especially those requesting personal information or urging immediate action. Look for poor grammar or strange URLs.

How can I report this type of scam in India?

You can report a phishing scam by calling the cybercrime helpline at 1930, or filing a report online at cybercrime.gov.in.

What are the recovery steps if I’ve been scammed?

Contact your bank to freeze your account, change passwords, and document the scam for reporting to authorities.

Phishing Attack Volume Down 20%, but Risk Still Rising

INDIA — By BharatSecure Threat Intelligence Team · Updated Jun 12, 2026

Suspicious Risk: 5/10 Severity: Medium BharatSecure Threat Intelligence

Category: phishing

Verdict Summary

Phishing Attack Volume Down 20%, but Risk Still Rising shows strong scam indicators common in fraud targeting Indian users. Do not share OTPs, passwords, or payments — verify the source independently.

Risk score: 5/10 · Severity: Medium · Verdict: Suspicious

Scam Intelligence: Phishing Attack Volume Down 20%, but Risk Still Rising

Proprietary signals from BharatSecure's scam-tracking database.

Last reported

Jun 12, 2026

How Phishing Attack Volume Down 20%, but Risk Still Rising Works

While the overall volume of phishing attacks has decreased by 20%, the associated risk continues to escalate. This indicates that even with fewer attempts, the sophistication or impact of successful phishing campaigns is increasing, posing a persistent threat.

How This Scam Works — Detailed Explanation

Phishing scams have become increasingly sophisticated in recent years, despite a reported 20% decrease in overall attack volume. Scammers often use social engineering techniques to find and approach victims. They cast a wide net through various online platforms such as WhatsApp, popular social media sites, and even emails that appear to be sent from legitimate businesses or government agencies. In India, they might impersonate the National Payments Corporation of India (NPCI) or major banks, as these institutions have more robust user reach. For example, a message claiming to be from the Reserve Bank of India (RBI) may prompt users to click on suspicious links, thereby targeting a large number of unsuspecting individuals leveraging UPI or Aadhaar services.

Once they have access to the victims' trust, scammers employ specific tactics designed to manipulate emotions and induce urgency. For instance, they may send messages claiming a due payment must be made through a certain link before a deadline, complete with fake logos and fonts that resemble real banking institutions. These tactics often rely on creating a sense of fear or excitement; the victims might be told their bank account is compromised or that they've won a lottery but need to verify via a provided link. Such psychological tricks exploit basic human emotions and often result in victims bypassing their caution.

When victims fall prey to these scams, a series of unfortunate and potentially devastating events unfold. Often, clicking on a phishing link directs them to a fake website that prompts for sensitive details like OTPs, UPI PINs, Aadhaar numbers, or bank account details. Once this information is provided, scammers can quickly drain bank accounts or conduct unauthorized transactions. For instance, an individual receiving a phishing message on WhatsApp claiming to be from their bank may unknowingly share sensitive information, resulting in loss of ₹5 lakh in just a few hours. Victims may only realize something is wrong when they receive alerts for transactions they did not authorize, or their phone suddenly stops registering any official communications from their bank or service providers.

The real-world impact of such scams in India is alarming. In the past year alone, reports have indicated losses amounting to approximately ₹2,000 crore due to phishing and other types of cyber fraud. The Ministry of Home Affairs (MHA) and the RBI have both issued guidelines and advisories urging the public to remain vigilant and to report any suspicious activities. Additionally, CERT-In has flagged an increase in the sophistication of phishing tactics, despite the decline in overall attempts. Such facts highlight that the scams have not only become an economic issue but also a societal challenge that necessitates public awareness and preventive measures.

Spotting a phishing scam can sometimes be tricky, but being alert can save you from financial ruin. Legitimate communications from your bank or service providers will typically never ask for sensitive information via text or messages. Always check if the sender's email or message content contains misspellings or unusual phrases. Validate such messages by direct communication with your bank's helpline (e.g., SBI 1800-11-1109, HDFC 1800-202-6161) rather than relying on provided links. Understanding these differences can go a long way in protecting oneself from falling victim to phishing attempts.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Phishing Attack Volume Down 20%, but Risk Still Rising Target?

General public across India

Red Flags — How to Identify Phishing Attack Volume Down 20%, but Risk Still Rising

phishing
cybersecurity
risk
attack volume

What To Do If You Encounter Phishing Attack Volume Down 20%, but Risk Still Rising

Report the incident immediately at the cybercrime helpline 1930 or visit cybercrime.gov.in.
Contact your bank's customer service immediately to alert them of any suspicious activity.
Change your passwords for online banking and linked accounts to safeguard against unauthorized access.
Be cautious and verify any unsolicited messages before clicking on links or sharing personal information.
Enable two-factor authentication on sensitive accounts to add an additional layer of security.
Educate friends and family members on the signs of phishing scams to protect them as well.

How to Report Phishing Attack Volume Down 20%, but Risk Still Rising in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a phishing scam?: Immediately contact your bank's customer care and inform them about the situation. They can take steps to secure your account.
How can I identify a phishing scam?: Be wary of unexpected messages or emails, especially those requesting personal information or urging immediate action. Look for poor grammar or strange URLs.
How can I report this type of scam in India?: You can report a phishing scam by calling the cybercrime helpline at 1930, or filing a report online at cybercrime.gov.in.
What are the recovery steps if I’ve been scammed?: Contact your bank to freeze your account, change passwords, and document the scam for reporting to authorities.

🛡️

How This Scam Works — BharatSecure AI

Spreading fast

A plain-language breakdown based on 500 real reported scams of this type.

How they reach you	Initial contact is predominantly made via phone/video calls (WhatsApp, Telegram), SMS, email and social media DMs, increasingly powered by AI deepfake video, cloned voices and LLM-generated error-free
How they gain your trust	Trust is manufactured instantly through impersonation of inherently trusted entities — family members in distress, company CEOs/CFOs, bank officials, police, exchange support staff or government figur
How they take your money	UPI and QR-code payments dominate the reported India-focused records, alongside IMPS/real-time bank transfers, wire transfers to offshore or mule acco
Who they target	Targets span the full population but cluster in documented segments: corporate finance and payroll staff (BEC/CEO deepfake fraud), urban professionals and small businesses, job seekers on LinkedIn/Wha

How they manipulate you

Authority bias (deference to CEOs, police, bank and government officials)
Urgency/scarcity pressure (emergencies, 'digital arrest', account suspension, confidential urgent transfers)
Emotional hijacking via familiarity (panic when a loved one's cloned voice claims an accident or arrest)
Fear of loss (assets 'at risk', threats of legal action or image exposure in sextortion)
Visual/auditory trust heuristic (seeing or hearing is believing, exploited by deepfakes)

Warning signs

Urgent money or OTP requests during a call/video call, even when the face or voice matches a known person — verify via a separate, known channel or shared secret
Unexpected calls from 'executives', 'bank officials', 'police' or 'exchange support' demanding immediate confidential transfers or threatening 'digital arrest'
Requests to pay via UPI/QR codes, crypto wallets, gift cards, or transfers to new/offshore accounts under time pressure
Links, QR codes or ads leading to login/verification pages, 'free AI tools', sideloaded apps, or wallet-connect approvals requesting unlimited token permissions
Investment or prize pitches 'endorsed' by officials/celebrities, lottery wins requiring processing fees, or perfectly written personalised messages referencing your social media data

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.