What to do if I shared my OTP in a WhatsApp scam?

Immediately contact your bank's helpline. For SBI, call 1800-11-1109 or for HDFC, call 1800-202-6161. Change your passwords right away.

How can I identify phishing via unclaimed asset portals?

Look for links not ending in .gov.in, and be wary of messages from unknown numbers asking for sensitive information.

How to report this type of scam in India?

You can report such scams by calling the cybercrime helpline at 1930 or by visiting cybercrime.gov.in to file an official complaint.

What are the steps to recover money or protect accounts after this scam?

Contact your bank immediately to report fraudulent activity. If money has been lost, file a complaint through cybercrime.gov.in or call 1930 for assistance.

Phishing via Unclaimed Asset Portals

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: WhatsApp, KYC, Phishing

How Phishing via Unclaimed Asset Portals Works

Overview: Cybercriminals are sending unofficial emails, SMS, and WhatsApp messages with links to fake versions of RBI UDGAM, IRDAI Bima Bharosa, and SEBI MITRA portals. These mimic real sites and trick victims into entering login details, PAN, Aadhaar, or OTPs. Targeting anyone curious about dormant accounts, these scams are dangerous as they enable data theft, facilitate unauthorised transactions, and often lead to broader financial fraud. How It Works: The victim receives a message reading, 'Your dormant account has unclaimed funds. Click here to recover: udgam-rbi-portal.ru.' The scam site looks identical to the official one, requesting the user’s sensitive personal and banking information. After 'submission,' fraudsters can drain linked accounts, commit identity theft, or use the data for future attacks. India Angle: These phishing attempts disproportionately target urban and semi-urban Indians—especially professionals and retirees—primarily in Hindi, English, and regional languages. The scam leverages heightened public interest after large government publicity campaigns, and messages often contain legitimate-sounding references to RBI and related authorities. Real Examples: SMS: “Dear customer, RBI UDGAM portal recovered ₹48,502 for you. Visit: udgam-rbi.in now to claim.” WhatsApp: “Unclaimed PF balance detected. Complete verification via this secure link.” Red Flags: - Portal links that do not use .gov.in domain - Messages with spelling mistakes or grammatical errors - Out-of-the-blue notifications about unclaimed assets or deadlines - Requests for OTPs or passwords under the guise of verification Protective Measures: Only use official UDGAM, Bima Bharosa, and MITRA websites—never click unfamiliar links. Type website URLs by hand, check for SSL/tls lock icon, and verify government affiliation. Never enter your credentials or OTPs based on unsolicited messages. Report all phishing attempts to cybercrime authorities or RBI. If Victimised: Immediately change your passwords, enable two-factor authentication, and alert your bank. Lodge a complaint with 1930 and on cybercrime.gov.in to prevent further misuse. Related Scams: - KYC Update Phishing - Fake Income Tax Refund Frauds - Fake Bank Website Cloning Attacks

How This Scam Works — Detailed Explanation

Cybercriminals exploit curiosity around unclaimed assets in India by reaching out to victims through popular communication platforms like WhatsApp. They create a facade of legitimacy by sending unsolicited messages that appear credible, often mimicking communication styles of trusted financial institutions such as the Reserve Bank of India (RBI) or Insurance Regulatory and Development Authority of India (IRDAI). Scammers will send messages like, 'There's a huge amount lying unclaimed in your name! Click here to claim it!' Victims often receive links that lead to fraudulent replicas of legitimate portals like RBI UDGAM, IRDAI Bima Bharosa, or SEBI MITRA, which are specifically designed to look professional and official.

The psychological tricks employed by these scammers are designed to evoke fear and urgency. Victims may feel they might miss out on a significant financial opportunity linked to dormant assets. When a potential victim receives a message describing 'unclaimed assets' with promises of financial gain, they are less likely to scrutinize the message or the link provided. Scammers also use emotional triggers, appealing to the innate desire to secure one's wealth. Once the victim interacts with the phishing link, they are often directed to a fake login page where they are prompted to enter sensitive personal information such as their PAN, Aadhaar number, or UPI credentials, all under the guise of verifying their identity.

Upon entering their details into these fraudulent portals, victims face dire consequences. For example, they may unknowingly provide their OTP, which allows criminals to access their real financial accounts. Instances have been reported where victims lose money through unauthorized UPI transactions or see their savings vanish as a result of their information being misused. A particularly illustrative case involved a resident of Maharashtra who lost ₹35 lakhs after entering sensitive information on a fraudulent site claiming to trace his unclaimed assets. Stories like these are becoming increasingly common, highlighting how the desire to reclaim forgotten wealth can lead to tragic financial loss.

The impact of such scams is substantial across India, with victims reporting losses amounting to several crores. According to the Ministry of Home Affairs (MHA), scams in 2022 alone accounted for approximately ₹5,000 crore lost in all forms of cyber fraud. The National Cyber Crime Reporting Portal (cybercrime.gov.in) has seen an alarming rise in complaints linked to phishing scams that capitalize on unclaimed assets. As more individuals fall prey to these enticing but fraudulent schemes, the financial repercussions for victims can be devastating, impacting their trust in digital financial services.

Identifying these scams involves a keen eye for specifics. Legitimate communications from financial institutions typically include links ending in .gov.in or official bank domains, not shady or unknown links. Furthermore, be suspicious of unsolicited notifications about unclaimed assets and never provide OTPs, passwords, or PINs in response to such messages. If you're unsure about the authenticity of a message, always cross-reference by contacting your bank directly. Look closely for language errors in messages, as these can be a sign of fraudulent activity. If a message makes requests that a legitimate service wouldn't, it's likely a scam. Always verify before you respond or engage further.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Phishing via Unclaimed Asset Portals Target?

General public across India

Red Flags — How to Identify Phishing via Unclaimed Asset Portals

Links not ending in .gov.in
Messages with errors or unfamiliar sender addresses
Requests for OTP, password, or PIN for asset verification
Unsolicited notifications about unclaimed assets

What To Do If You Encounter Phishing via Unclaimed Asset Portals

Report any suspicious message immediately by contacting the cybercrime helpline at 1930.
Avoid clicking on links or providing any personal information in response to unsolicited messages.
Verify the authenticity of messages regarding unclaimed assets by contacting your bank directly.
Regularly check your financial accounts for unusual activity or unauthorized transactions.
Educate your friends and family about phishing scams via unclaimed asset portals.
Visit cybercrime.gov.in to file a complaint or to seek guidance on protecting yourself against such scams.

How to Report Phishing via Unclaimed Asset Portals in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a WhatsApp scam?: Immediately contact your bank's helpline. For SBI, call 1800-11-1109 or for HDFC, call 1800-202-6161. Change your passwords right away.
How can I identify phishing via unclaimed asset portals?: Look for links not ending in .gov.in, and be wary of messages from unknown numbers asking for sensitive information.
How to report this type of scam in India?: You can report such scams by calling the cybercrime helpline at 1930 or by visiting cybercrime.gov.in to file an official complaint.
What are the steps to recover money or protect accounts after this scam?: Contact your bank immediately to report fraudulent activity. If money has been lost, file a complaint through cybercrime.gov.in or call 1930 for assistance.

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.